Use https://seceonhelp.freshdesk.com/support/login to access updated Knowledge Base Articles, Submit Technical Support Tickets and Review Status of submitted support tickets.

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 5 Current »

Overview:

This document will help you with the steps to ingest the configure Sophos Central, to export logs to a SIEM with Seceon SIEM to have better visibility of threats happening in your environment

How to send alert and event data to your SIEM

  1. You require a token to access event data via the API.
    In Sophos Central Admin, go to Global Settings > API Token Management.

  2. To create a new token, click Add token from the top-right corner of the screen.

  3. Select a token name and click Save. The API Token Summary for this token is displayed.

  4. Click Copy to copy your API Access URL + Headers from the API Token Summary section into your clipboard.

Configuration On the GUI

Go to Provisioning >> Add-on Devices >> Add-on Configuration to configure the Sophos Central.


  • No labels

Seceon Inc. All rights reserved. https://www.seceon.com