Sophos Endpoint Protection helps secure workstations by adding prevention, detection, and response technology on top of the operating system.
Creating an API Token for Sophos Endpoint Protection
Before configuring the Sophos Endpoint Protection connector in Lucidum, you must first create an API Token. Lucidum will use the API Token to access the Sophos Endpoint Protection API.
Log in to Sophos Central Admin, then click Global Settings > API Token Management.
Click Add Token, select a Token Name and click Save. The API Token Summary for this token will be displayed.
Copy the following information:
API Access URL - copy the entire URL, and paste to the Sophos API Domain field in the Add Connection dialog of the adapter.
x-api-key - copy the key and paste to the x-api-key field in the Add Connection dialog of the adapter.
Authorization - copy the authorization text (starts with "Basic") and paste to the Authorization field in the Add Connection dialog of the adapter.
Configuring the Connector for Sophos Endpoint Protection
To configure Lucidum to ingest data from Sophos Endpoint Protection:
Log in to Lucidum.
In the left pane, click Connector.
In the Connector page, click Add Connector.
Scroll until you find the Connector you want to configure. Click Connect. The Settings page appears.
In the Settings page, enter the following:
API Version (optional, default is v1) - Sophos API version.
URL (required): Sophos API host URL, for example, http://api1.central.sophos.com/gateway/
API Key (required): The x-api-key provided as part of the API Token Summary in the Sophos Central Admin.
Authorization Text (required): The Authorization text (starts with "Basic") provided as part of the API Token Summary in the Sophos Central Admin.
Verify SSL. For future use.
To test the configuration, click Test.
If the connector is configured correctly, Lucidum displays a list of services that are accessible with the connector.
If the connector is not configured correctly, Lucidum displays an error message.
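A pre-flight check for the three values copied from the API Token Summary, to run before pasting them into the Settings page. This is an added example, not Lucidum or Sophos code: the function name and sample values are constructed, and it assumes the text after "Basic" is base64, as in standard HTTP Basic authentication.

```python
import base64
import binascii
from urllib.parse import urlsplit

# Constructed sample values; substitute the ones from your API Token Summary.
SAMPLE_URL = "https://api.example.invalid/gateway/"
SAMPLE_KEY = "ConstructedKey123"
SAMPLE_AUTH = "Basic Zm9vOmJhcg=="


def check_connector_settings(url, api_key, authorization):
    """Return a list of problems in the pasted values (empty list means OK)."""
    problems = []

    # URL: must be absolute; over http both secrets travel unencrypted.
    parts = urlsplit(url.strip())
    if parts.scheme not in ("http", "https") or not parts.netloc:
        problems.append("URL: not an absolute http(s) URL")
    elif parts.scheme == "http":
        problems.append("URL: http sends x-api-key and Authorization unencrypted")

    # API Key: copy/paste often drags in the header name or stray whitespace.
    key = api_key.strip()
    if not key:
        problems.append("API Key: empty")
    elif key.lower().startswith("x-api-key"):
        problems.append("API Key: header name pasted along with the value")
    elif key != api_key or any(c.isspace() for c in key):
        problems.append("API Key: contains whitespace")

    # Authorization Text: the token summary value starts with "Basic".
    scheme, _, token = authorization.strip().partition(" ")
    if scheme != "Basic":
        problems.append('Authorization Text: does not start with "Basic"')
    else:
        try:
            if not token:
                raise ValueError("missing credential")
            # Assumption: the remainder is base64 (HTTP Basic auth).
            base64.b64decode(token, validate=True)
        except (binascii.Error, ValueError):
            problems.append("Authorization Text: value after Basic is not base64")
    return problems


if __name__ == "__main__":
    for line in check_connector_settings(SAMPLE_URL, SAMPLE_KEY, SAMPLE_AUTH):
        print(line)
```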