Skip to content


Sophos Antivirus enables Chronicle to pinpoint when attacks happen and on which assets by linking together alerts with telemetry seen across the environment.

Chronicle Data Types



Sophos Central

Sophos Central offers a secure API for retrieving event and alert data. When provided with API credentials, Cyderes can pull this data on behalf of the customer and send it to Chronicle. Instructions to acquire the API credentials are outlined in steps 2 through 5 of this guide:

Gather Information

Provide the following information to Cyderes to complete implementation:

  • Client ID
  • Client Secret