Technical Tip: How to configure Sophos central URI
Description
This article describes how to configure Sophos Central to pick up logs from Sophos Central.
Scope
FortiSIEM v7.4.x.
Solution
To collect data from Sophos Central, the following is necessary:
- Tenant ID.
- Client ID.
- Client Secret.
- Sophos Central URL.
The Tenant ID, Client ID, and Client secret provided from Sophos Central will be respectively configured within the credentials page.
The Sophos URL is as follows: https://api.central.sophos.com
Note:
Depending on the account creation, Sophos may provide a different API endpoint (e.g. api1.central.sophos.com would also work).
To apply the configuration provided by Sophos:
- Admin -> Setup -> Credentials -> Step 1 -> New.
- Add the address to the 2nd step within the credential's tab under Admin -> Setup -> Credentials -> Step 2 -> New.
- Save this and select to Test Connectivity without Ping:
- Verify that this entry has been scheduled for event pulling. Admin -> Setup -> Pull Events.
Related document: