Integrations and Collaboration

Access Cloud Optix features programmatically via a REST API and integrate seamlessly with third-party services such as SIEM and DevOps tools to streamline security operations and improve collaboration.

Security Operations
CI/CD and DevOps Tools
Ticketing
Cloud Providers

Splunk

Integrate Cloud Optix with your Splunk SIEM system to receive instant notification of security events and improve visibility for security operations teams.

Azure Sentinel (SIEM)

Send cloud security events detected by Cloud Optix into Azure Sentinel workspaces and customize the alert levels sent (Critical, High, Medium, and Low).

PagerDuty

Send cloud security events detected by Cloud Optix into PagerDuty and customize the alert levels sent (Critical, High, Medium, and Low).

Slack

Raise instant alerts to a chosen Slack channel for security events detected by Cloud Optix.

Microsoft Teams

Raise instant alerts to a chosen team for security events detected by Cloud Optix.

Amazon SNS

Raise instant alerts to a chosen Amazon Simple Notification Service (SNS) topic for security events detected by Cloud Optix.

Amazon Inspector

Filter Cloud Optix AWS Host Inventory to quickly identify EC2 instances for which there are Amazon Inspector findings, while the Network Topology CVE filter allows customers to highlight EC2 instances that have CVEs discovered by Amazon Inspector based on severity.

AWS Systems Manager

Receive patch status for EC2 Instances in the Cloud Optix console when AWS Systems Manager is enabled in the EC2 management console.

Sophos IAC Rest API

Cloud Optix Rest API allows teams to scan Infrastructure-as-Code templates at any stage of development (even before upload to Source Control) regardless of what code repository is being used e.g Gitlab.

GitHub

Automatically scan Infrastructure-as-Code templates in GitHub repositories and detect misconfigurations, embedded secrets, passwords, and keys before they make it into production. Cloud Optix can checks Terraform, AWS CloudFormation, Ansible, Kubernetes, and Azure Resource Manager (ARM) template files.

Bitbucket

Automatically scan Infrastructure-as-Code templates in Bitbucket repositories in and detect misconfigurations, embedded secrets, passwords, and keys before they make it into production. Cloud Optix checks Terraform, AWS CloudFormation, Ansible, Kubernetes, and Azure Resource Manager (ARM) template files.

Jenkins

Empower DevOps teams to remediate configuration issues, embedded secrets, passwords, and keys before deployment to production by raising alerts via API directly in the Jenkins build pipeline.

Jira

Allow your teams to embed cloud security and compliance response into standard workflows by creating Jira tickets from inside the Cloud Optix console for new Sophos Cloud Optix alerts. Two-way integration avoids duplication by ensuring existing tickets for the same issue type are updated if present before a new ticket is created.

ServiceNow

Improve response times by creating ServiceNow tickets for cloud security events directly inside the Cloud Optix console. Two-way integration ensures existing tickets for the same issue type are updated if present before a new ticket is created.

Amazon SNS

Raise instant alerts to a chosen Amazon Simple Notification Service (SNS) topic for security events detected by Cloud Optix.

Amazon GuardDuty

Aggregate Amazon GuardDuty alerts into Cloud Optix dashboard regardless of region. When turned on, other enabled integrations such as Jira, Slack, and ServiceNow automatically work for GuardDuty.

AWS CloudTrail

Cloud Optix uses machine learning to profile activity using AWS CloudTrail logs, and determine whether certain activity may be ‘high-risk’ based on previous activity.

AWS IAM Access Analyzer

Discover cross-account and external account S3 access with ease. IAM Access Analyzer findings, provided in the Cloud Optix console, analyze hundreds or even thousands of policies across AWS environments in seconds.

Learn More

Amazon Detective

Connecting disparate actions across AWS accounts, Amazon Detective integration enables rapid investigation of patterns in behavior to understand the root cause of a security finding, as well as the resources affected.

Learn More

AWS Trusted Advisor

Cloud Optix provides the best of both worlds, with independent Sophos recommendation to optimize costs, and integration with AWS Trusted Advisor when organizations have the necessary AWS support plan in place.

Amazon Inspector

AWS Systems Manager

Receive patch status for EC2 Instances in the Cloud Optix console when AWS Systems Manager is enabled in the EC2 management console.

Azure Sentinel (SIEM)

Send cloud security events detected by Cloud Optix into Azure Sentinel workspaces and customize alert levels sent (Critical, High, Medium, and Low).

Azure Advisor

Cloud Optix cost monitoring integrates directly with the Azure Advisor to enable organizations to receive recommendations to reduce Azure costs alongside AWS in the same console.

Cloud Security Posture Management API

Ingest data from Cloud Optix to continuously monitor AWS, Azure, and Google Cloud environments for threats and unusual behavior.

The REST API enables security operations teams to correlate data and understand the root cause of a security finding, as well as the resources affected, to provide the context needed to understand if activities are malicious.

Learn More

Free Trial How to Buy