
Instructions to configure Sophos Central to export logs to a SIEM

Overview:

This document walks you through the steps to configure Sophos Central to export logs to Seceon SIEM, so that you have better visibility of threats in your environment.

How to send alert and event data to your SIEM

  1. You require a token to access event data via the API.
    In Sophos Central Admin, go to Global Settings > API Token Management.

  2. To create a new token, click Add token from the top-right corner of the screen.

  3. Select a token name and click Save. The API Token Summary for this token is displayed.

  4. Click Copy to copy your API Access URL + Headers from the API Token Summary section into your clipboard.
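
Before the copied value is pasted into another system, it is worth checking that it splits cleanly into an HTTPS URL plus two headers, and that the secrets stay out of logs and tickets. The following is an added example, not Seceon or Sophos code; the clipboard layout (`url: ..., x-api-key: ..., Authorization: Basic ...`), the function names and the sample values are assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumed layout of the copied "API Access URL + Headers" text (not stated on the page).
TOKEN_RE = re.compile(
    r"^\s*url:\s*(?P<url>\S+),\s*x-api-key:\s*(?P<api_key>[^,\s]+),"
    r"\s*Authorization:\s*(?P<authorization>Basic\s+\S+)\s*$"
)

def parse_token_info(text):
    """Split the clipboard text into URL and header values, rejecting unsafe input."""
    m = TOKEN_RE.match(text)
    if not m:
        raise ValueError("clipboard text does not match the assumed token layout")
    parts = urlsplit(m["url"])
    # Refuse cleartext transport: the headers carry long-lived credentials.
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("API access URL must be an https:// URL")
    return {
        "url": m["url"].rstrip("/"),
        "headers": {"x-api-key": m["api_key"], "Authorization": m["authorization"]},
    }

def redact(token):
    """Return a copy of the parsed token that is safe to write to logs or tickets."""
    def mask(value):
        # Keep a short prefix so two tokens can be told apart, hide the rest.
        return value[:4] + "*" * 8 if len(value) > 8 else "*" * 8
    hdrs = token["headers"]
    scheme, _, cred = hdrs["Authorization"].partition(" ")
    return {
        "url": token["url"],
        "headers": {
            "x-api-key": mask(hdrs["x-api-key"]),
            "Authorization": scheme + " " + mask(cred.strip()),
        },
    }

# Constructed sample; not a real token or tenant.
SAMPLE = ("url: https://api.example.invalid/gateway, "
          "x-api-key: EXAMPLEKEY0123456789, "
          "Authorization: Basic RVhBTVBMRTpub3QtYS1yZWFsLXNlY3JldA==")

if __name__ == "__main__":
    print(redact(parse_token_info(SAMPLE)))
```
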

 

 

Configuration on the GUI

Go to Provisioning >> Add-on Devices >> Add-on Configuration to configure Sophos Central.

 



Seceon Inc. All rights reserved. https://www.seceon.com