Sophos
Sophos Antivirus telemetry enables Chronicle to pinpoint when attacks happen and on which assets by linking Sophos alerts with the telemetry seen across the rest of the environment.
Chronicle Data Types
- SOPHOS_AV
Configuration
Sophos Central
Sophos Central offers a secure API for retrieving event and alert data. When provided with API credentials, Cyderes can pull this data on behalf of the customer and send it to Chronicle. Instructions to acquire the API credentials are outlined in steps 2 through 5 of this guide: https://community.sophos.com/kb/en-us/125169.
Gather Information
Provide the following information to Cyderes to complete implementation:
- Client ID
- Client Secret
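The collection described above, as an added example that is not this page's, Cyderes's or Sophos's own code: a minimal pull that exchanges the Client ID and Client Secret for a bearer token, discovers the tenant and its data region, and pages through the alerts feed. The endpoint paths, query parameters and header names (`id.sophos.com/api/v2/oauth2/token`, `/whoami/v1`, `/common/v1/alerts`, `X-Tenant-ID`, `pageFromKey`/`pages.nextKey`) are assumptions taken from the public Sophos Central API as the author understands it, not from this page; the HTTP transport is injectable so the same flow runs offline against a constructed fake.

```python
"""Minimal Sophos Central alert pull: client-credentials token -> whoami -> alerts.

Added example for this integration page, not Cyderes or Sophos code. The endpoint
paths, field names and header names are ASSUMPTIONS about the public Sophos
Central API; check them against Sophos's current API documentation.
"""
import json
import os
import urllib.parse
import urllib.request
from typing import Callable, Dict, Optional

TOKEN_URL = "https://id.sophos.com/api/v2/oauth2/token"   # assumption
WHOAMI_URL = "https://api.central.sophos.com/whoami/v1"   # assumption

# Transport signature: (method, url, headers, body_bytes) -> parsed JSON dict.
Transport = Callable[[str, str, Dict[str, str], Optional[bytes]], dict]


def urllib_transport(method: str, url: str, headers: Dict[str, str], body: Optional[bytes]) -> dict:
    """Real transport: stdlib HTTP call, JSON response decoded."""
    req = urllib.request.Request(url, data=body, headers=headers, method=method)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.loads(resp.read().decode("utf-8"))


def get_token(client_id: str, client_secret: str, transport: Transport = urllib_transport) -> str:
    """OAuth2 client-credentials grant: the Client ID / Client Secret from this page become a bearer token."""
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": "token",
    }).encode("utf-8")
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return transport("POST", TOKEN_URL, headers, body)["access_token"]


def whoami(token: str, transport: Transport = urllib_transport) -> tuple:
    """Resolve the credential to a tenant ID and the regional API host its data lives on."""
    data = transport("GET", WHOAMI_URL, {"Authorization": f"Bearer {token}"}, None)
    if data.get("idType") != "tenant":
        # Partner/organization credentials need a tenant selection step that this example does not cover.
        raise ValueError(f"expected tenant credentials, got idType={data.get('idType')!r}")
    return data["id"], data["apiHosts"]["dataRegion"]


def fetch_alerts(token: str, tenant_id: str, data_region: str, transport: Transport = urllib_transport) -> list:
    """Walk the key-based pagination of the alerts feed and return every alert item."""
    headers = {"Authorization": f"Bearer {token}", "X-Tenant-ID": tenant_id}
    items, next_key = [], None
    while True:
        url = f"{data_region}/common/v1/alerts?pageSize=100"
        if next_key:
            url += "&pageFromKey=" + urllib.parse.quote(next_key)
        page = transport("GET", url, headers, None)
        items.extend(page.get("items", []))
        next_key = page.get("pages", {}).get("nextKey")
        if not next_key:
            return items


def pull_alerts(client_id: str, client_secret: str, transport: Transport = urllib_transport) -> list:
    token = get_token(client_id, client_secret, transport)
    tenant_id, region = whoami(token, transport)
    return fetch_alerts(token, tenant_id, region, transport)


# Constructed fake transport so the whole flow can be exercised offline without real credentials.
def fake_transport(method: str, url: str, headers: Dict[str, str], body: Optional[bytes]) -> dict:
    if url == TOKEN_URL and method == "POST":
        fields = urllib.parse.parse_qs(body.decode("utf-8"))
        assert fields["grant_type"] == ["client_credentials"]
        return {"access_token": "TOKEN-constructed", "expires_in": 3600}
    if url == WHOAMI_URL:
        assert headers["Authorization"] == "Bearer TOKEN-constructed"
        return {"id": "tenant-0000", "idType": "tenant",
                "apiHosts": {"global": "https://api.central.sophos.com",
                             "dataRegion": "https://api-eu01.central.sophos.com"}}
    if url.startswith("https://api-eu01.central.sophos.com/common/v1/alerts"):
        assert headers["X-Tenant-ID"] == "tenant-0000"
        if "pageFromKey" in url:   # second (last) page
            return {"items": [{"id": "a2", "severity": "high"}], "pages": {}}
        return {"items": [{"id": "a1", "severity": "medium"}], "pages": {"nextKey": "k2"}}
    raise RuntimeError(f"unexpected request {method} {url}")


if __name__ == "__main__":
    # Secrets come from the environment, never from source; fall back to the offline fake.
    cid = os.environ.get("SOPHOS_CLIENT_ID")
    secret = os.environ.get("SOPHOS_CLIENT_SECRET")
    chosen = urllib_transport if cid and secret else fake_transport
    for alert in pull_alerts(cid or "demo-id", secret or "demo-secret", chosen):
        print(alert.get("id"), alert.get("severity"))
```

Run with `SOPHOS_CLIENT_ID` and `SOPHOS_CLIENT_SECRET` set to exercise the real API, or with neither set to run the constructed two-page fake; the `whoami` step is where a credential minted for a partner or organization rather than a single tenant would be rejected, which is the first thing to check when the hand-off of Client ID and Client Secret yields no data.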