Before you begin

Before Blumira can retrieve logs from Sophos Central, you need credentials for the Sophos Central API. To obtain them, follow these steps.

  1. From the Sophos Central Admin page (https://central.sophos.com), go to Global Settings > API Token Management.
  2. Click Add token in the top-right corner of the screen.
  3. Select a token name and click Save.
  4. In API Token Summary, check the API Access Url + Headers section, and take note of:
    • url
    • x-api-key
    • Authorization (for example, Basic ZjAyODczYjctAxm42adfGhi3aE3…aSDF=)

Configuring Blumira

Next, you’ll need to configure your Blumira sensor to connect to the Sophos Central API, using the credentials you obtained in the steps above.

Follow these steps to add the Sophos Central module to an existing sensor and provide the credentials:

  1. In Blumira, click Settings.
  2. Click Sensors.
  3. Click the sensor on which you want to add a module.
  4. On the detail page for the sensor, scroll down and click Add Module.
  5. In the Add New Module window, select the newest version of this integration’s module. Note: For the best stability and performance, Blumira will update the module version when old versions are deprecated.
  6. Enter the credentials that you gathered in the “Before you begin” section above.
  7. (Optional) Type a name for this log deployment in the Log Source Name box. This name appears in the “device_address” column in the results of your event data queries. If you later add modules that collect logs for other integrations, this name helps you distinguish them. Note: The name can only contain alphanumeric characters, periods, and hyphens; no spaces or underscores are allowed.
  8. Click Install.
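
A pre-flight check for the values from the “Before you begin” section and the Log Source Name rule in step 7, to run before you paste them into the Add New Module window. This is an added example, not Blumira or Sophos code; the function name, the sample values and the assumption that the Authorization value keeps its "Basic " prefix are illustrative.

```python
import base64
import re
from urllib.parse import urlparse

# Constructed sample values, not real credentials; the host is a placeholder.
SAMPLE_URL = "https://sophos-api.example.invalid/gateway"
SAMPLE_KEY = "constructed-x-api-key-0001"
SAMPLE_AUTH = "Basic Y29uc3RydWN0ZWQ="  # base64 of the word "constructed"

# Rule from step 7: alphanumeric characters, periods and hyphens only.
LOG_SOURCE_NAME = re.compile(r"[A-Za-z0-9.-]+")


def preflight(url, x_api_key, authorization, log_source_name=""):
    """Return a list of problems found; an empty list means none were found."""
    problems = []
    parsed = urlparse(url.strip())
    if parsed.scheme != "https" or not parsed.netloc:
        problems.append("url: expected an https:// URL with a host")

    # Copy/paste damage: stray whitespace, or an ellipsis left by a shortened
    # display (the page's own sample Authorization value is elided this way).
    for field, value in (("x-api-key", x_api_key), ("Authorization", authorization)):
        if not value.strip():
            problems.append(f"{field}: empty")
        elif value != value.strip() or "…" in value or "..." in value:
            problems.append(f"{field}: stray whitespace or ellipsis, re-copy it")

    # Assumption: the value keeps the "Basic " prefix shown on the page.
    scheme, _, token = authorization.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        problems.append("Authorization: expected 'Basic <token>'")
    else:
        try:
            base64.b64decode(token, validate=True)
        except ValueError:  # also covers binascii.Error and non-ASCII input
            problems.append("Authorization: token is not valid base64")

    if log_source_name and not LOG_SOURCE_NAME.fullmatch(log_source_name):
        problems.append("Log Source Name: only letters, digits, '.' and '-'")
    return problems


if __name__ == "__main__":
    for line in preflight(SAMPLE_URL, SAMPLE_KEY, SAMPLE_AUTH, "sophos-central.hq"):
        print(line)
```

The check is purely local: it catches malformed or truncated values but does not confirm that Sophos Central accepts the token.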