Central Sophos For FortiSIEM

victorthai · ‎02-08-2025

How do I integrate Sophos Central with my FortiSIEM? The manual says I need an API Key, but in Sophos, I only have a Client ID and Client Secret?

funkylicious · ‎02-08-2025

Login to Sophos Central Website.
Go to Global Settings > API Token Management. Click Add Token.
The Token will display.

Get API Key from Headers (part between x-api-key: and Authorization Basic).

https://docs.fortinet.com/document/fortisiem/7.3.0/external-systems-configuration-guide/750644/sopho...

"jack of all trades, master of none"

victorthai · ‎02-08-2025

As you can see in the screenshot, only the Client ID and Secret ID appear, which is not the API Key.

funkylicious · ‎02-08-2025

try this command in order to the get the token/api key and see if it works

curl -XPOST -H "Content-Type:application/x-www-form-urlencoded" \
            -d "grant_type=client_credentials&client_id=<client-id>&client_secret=<client-secret>&scope=token" \
            https://id.sophos.com/api/v2/oauth2/token

"jack of all trades, master of none"

victorthai · ‎02-08-2025

As you can see in the screenshot, only the Client ID and Secret ID appear, which is not the API Key.

M1kemclain247 · ‎03-13-2025

Also struggling with this - it seems Sophos are no longer allowing you to create - API Tokens , and are now enforcing use of API Credentials with Client ID , Secret Key ,

I'm suspecting fortinet might need to review/update the Integration for Sophos Central API to cater for this change?

also need this working ASAP and ive tried different combinations but cannot get this working.

M1kes

M1kemclain247 · ‎03-14-2025

they no longer use API tokens in their system , u can obtain an "access token" once u authenticate using the Client Secret & Client ID but that access token just allows u to then interact with their API.

M1kes

Central Sophos For FortiSIEM

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website