FortiSIEM
FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
yujames (Staff)
Article Id 198657
Description
This article describes how to configure the Sophos Central API URI so that FortiSIEM can pick up logs from Sophos Central.

Scope
FortiSIEM All Versions

Solution
In order to collect data from Sophos Central, we will need the following:
1 - Authorization Key
2 - API Key
3 - Sophos Central URL

This information is then broken up into 4 parts:
1 - Authorization Key
2 - API Key
3 - Sophos Central URI
4 - Sophos Central Destination

The Authorization Key and API Key provided by Sophos Central are entered in their respective fields on the Credentials page.

The Sophos URL is broken up into two pieces:
A - https://api1.central.sophos.com
NOTE: depending on how the account was created, Sophos may provide a different API endpoint (e.g. api1.central.sophos.com would also work).

B - /gateway/siem/v1/events

To apply the configuration provided by Sophos:
1 - In the URI field, enter "gateway/siem/v1/events" as illustrated below
Admin > Setup > Credentials > Step 1 > New

2 - Add the Sophos Central address (the Destination) in Step 2 of the Credentials tab
Admin > Setup > Credentials > Step 2 > New

3 - Save, then click Test Connectivity without Ping:

4 - Verify that this entry has been scheduled for event pulling
Admin > Setup > Pull Events
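When Test Connectivity fails it helps to confirm, outside FortiSIEM, that the two halves of the URL join correctly and that the keys are accepted by Sophos. The script below is an added example and is not part of the Fortinet article or FortiSIEM itself. It assumes the legacy Sophos Central SIEM API takes the Authorization Key in the `Authorization` header and the API Key in the `x-api-key` header, and it uses the host quoted in the article; a tenant may have been issued a different regional host. The `SOPHOS_AUTH` and `SOPHOS_APIKEY` environment variables are placeholders for the keys shown in your Sophos Central console.

```shell
#!/bin/sh
# Added example (not from the article): probe the Sophos Central SIEM endpoint
# outside FortiSIEM to separate credential problems from URL-split problems.
# Assumed header names (not stated on the page): "Authorization" for the
# Authorization Key and "x-api-key" for the API Key.

# Join the Destination (host part) and the URI (path part) with exactly one
# slash, whatever combination of trailing/leading slashes was typed into the
# two FortiSIEM fields ("/gateway/siem/v1/events" vs "gateway/siem/v1/events").
sophos_url() {
  dest=${1%/}          # drop a trailing slash from the destination
  uri=${2#/}           # drop a leading slash from the URI
  printf '%s/%s\n' "$dest" "$uri"
}

# Print the HTTP status code of an authenticated GET against the events URL.
# Returns 2 without sending anything if either credential is empty.
sophos_probe() {
  url=$1; auth=$2; apikey=$3
  if [ -z "$auth" ] || [ -z "$apikey" ]; then
    echo "missing credentials" >&2
    return 2
  fi
  curl -s -o /dev/null -w '%{http_code}' \
    -H "Authorization: $auth" \
    -H "x-api-key: $apikey" \
    "$url"
}

# Map the status code to the FortiSIEM field most likely to be wrong.
explain_status() {
  case $1 in
    200)     echo "OK: credentials accepted, events endpoint reachable" ;;
    401|403) echo "Authentication failed: re-check Authorization Key and API Key" ;;
    404)     echo "Wrong URI/Destination split: check host and gateway/siem/v1/events" ;;
    000)     echo "No HTTP response: DNS, proxy or firewall between collector and Sophos" ;;
    *)       echo "Unexpected HTTP $1" ;;
  esac
}

# Only contact Sophos when real keys were supplied via the environment.
if [ -n "${SOPHOS_AUTH:-}" ] && [ -n "${SOPHOS_APIKEY:-}" ]; then
  url=$(sophos_url "https://api1.central.sophos.com" "/gateway/siem/v1/events")
  code=$(sophos_probe "$url" "$SOPHOS_AUTH" "$SOPHOS_APIKEY")
  explain_status "$code"
fi
```

Run it from the FortiSIEM collector (or supervisor, whichever node performs the pull) so that the probe traverses the same DNS, proxy and firewall path as the scheduled job; a 000 result there while the same command succeeds from a workstation points at the network path rather than at the credential entry.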

