Sophos Integrations and APIs

Easily automate monitoring, security, and administration activities in Sophos Central.

Become an Integration PartnerAPI Support

Current Integrations and API Partners

 

Network Access Control/Data Protection

Aruba logo

Aruba Networks

The Sophos Intercept X and Aruba ClearPass Policy Manager integration allows ClearPass to make more informed, device-specific decisions.

Sophos ensures only endpoints that meet or exceed compliance and security policy can gain access to wired or wireless networks, and thus access to applications, resources, and data.

Learn More

Cigent logo

Cigent

Cigent’s Dynamic Data Defense Engine (D3E) for Windows 10 ingests threat intelligence and security events from Sophos Central and, when the threat level is elevated, dynamically locks access to sensitive files and Cigent Secure Drives with step-up authentication.

Learn More

Firewall

Auvik

Auvik

Sophos Firewall integration with Auvik provides cloud-based network monitoring and management software. Automate complex network tasks for today’s changing workforce.

Learn More

 

Business Intelligence/IT Monitoring

BrightGauge

BrightGauge

Choose from two default dashboards to manage your alerts, endpoints, and tenants or build your dashboard from scratch from around 26 built-in KPS inspectors, including:

  • Alerts by severity, category, time 
  • Endpoints by tenant, health state, threat status
  • Server overall health status 
  • Tamper protection status 
  • Total endpoints, total tenants

Learn More

ServerEye

ServerEye 

ServerEye is IT monitoring software that informs you about trends and tendencies in your customer’s systems.   

Sophos-ServerEye integration provides sensors for server/client status, infections, and alarms.

Learn More

 

Remote Monitoring & Management (RMM)

Datto RMM

Datto RMM

Datto RMM is a fully-featured, secure, cloud-based platform which enables MSPs to remotely monitor, manage, and support endpoints, reducing costs and increasing service delivery efficiency. 

Learn More

ConnectWise

ConnectWise Automate

Boost your IT team’s effectiveness with Sophos-ConnectWise Automate integration.

Designed to provide a dashboard-level view of endpoint health and threat status, you can drill down into detailed views of endpoints and alerts to take real-time action. The integration also provides the ability to configure endpoint deployments across tenants.

Learn More

SolarWinds

SolarWinds N-central

SolarWinds N-central is an RMM solution designed to help managed service providers handle complex networks with ease.

With extensive automation and in-depth configurability options, security features like antivirus and patch management, and integrated backup, N-able is built to help MSPs efficiently manage intricate networks from one easy-to-use platform. 

Learn More

NinjaRMM

NinjaRMM

NinjaRMM provides intuitive endpoint management software to managed service providers (MSPs) and IT professionals with an exceptional user experience and all the support you need to deliver fast and effective IT management. 

Learn More

Syncro

Syncro MSP

Sophos integrates with the remote installation component of the combined RMM-PSA functionality of SyncroMSP.

Learn More

VSA

VSA RMM

Do more with less thanks to Sophos-VSA RMM integration.

Quickly determine endpoint health issues, then action a single endpoint or many endpoints in bulk. Retrieve a filterable list of tenants and auto-deploy configuration policies.

Filter alerts by category and severity, then action a single alert or multiple alerts at once.

Streamline deployments with CSV and installation files, auto-deployment across machine groups, or manual deployment to specific endpoints. And view audit logs to determine if installs and bulk actions have been successful.

Learn More

 

Professional Services Automation (PSA)

ConnectWise Manage

ConnectWise Manage

All products deployed through Sophos Central as part of the MSP Connect program are available for ConnectWise Manage integration, including Intercept X, Disk Encryption, Endpoint, Mobile, Web, Email and Wireless. 

  • Sophos Central will automatically create all products in ConnectWise Manage 
  • Sophos will automatically update the Agreement Addition nightly to provide up-to-date billing information on all Sophos products deployed across an MSP’s customer base 
  • The integration will provide ongoing, real-time data to ConnectWise Manage 

Learn More

Datto Autotask PSA

Datto Autotask PSA

All products deployed through Sophos Central as part of the MSP Connect Flex program are available for Datto Autotask PSA integration, including Intercept X, Disk Encryption, Endpoint, Mobile, Web, Email, Wireless, and Cloud Optix. 

Sophos Central will automatically create all products in Autotask PSA, and will automatically update the service contract nightly to provide up-to-date billing information on all Sophos products deployed across an MSP’s customer base. The integration will provide ongoing, real-time data to Autotask PSA and additionally supports manual syncs.

Learn More

 

Security Operations And Response (SOAR)

Rapid7

Rapid7

InsightConnect is Rapid7’s security orchestration and automation response (SOAR) solution.

With it you can accelerate, streamline, and integrate your time-intensive security processes with little to no coding required by your security team.

When you use the Sophos-InsightConnect integration, you can run your multi-solution processes automatically and free up your security team’s bandwidth to tackle other challenges. 

Learn More

Cortex XSOAR

Cortex XSOAR

Cortex XSOAR integration supports 29 Sophos Central commands, including:

  • Alert listing, retrieval, and actions
  • List and scan tenant endpoints 
  • Retrieve and update endpoint tamper protection information
  • List, retrieve, add/update/delete allowed items, blocked items, and scan exclusions
  • List, retrieve, exclude, update, and delete exploits and related mitigations

Learn More

Swimlane

Swimlane

Swimlane’s SOAR solution helps organizations address all security operations (SecOps) needs, including prioritizing alerts, orchestrating tools, and automating the remediation of threats—improving performance across the entire organization.

Learn More

 

IT Documentation

Liongard

Liongard

Sophos-Liongard integrations automate the management and protection of modern IT environments at scale for managed service providers and enterprise IT operations.

Available integration guides:

Sophos Central Inspector

Sophos SG Inspector

Sophos Firewall Inspector

 

Threat Intelligence Platform

Intelix-MISP

Intelix-MISP

With SophosLabs Intelix-MISP integration, you get the same threat intelligence used in your Sophos products available within your MISP environment. By applying SophosLabs data to file hashes, URLs, and IPs, you can quickly and easily identify high risk events.

Learn More

 

Security Information & Event Management (SIEM)

Respond Software

Respond Software

Respond Software is the cybersecurity investigation automation company and creator of the Respond Analyst, an XDR engine built to accelerate investigations for security operations teams. 

The Sophos Collector ingests event and alert data into the Respond platform for automated analysis. 

Sumologic

Sumologic

Investigate rare events and long-tail threats you can't perform with a traditional SIEM.

The Sophos-Sumo Logic integration adds a data collector directly to the Sumo Logic interface and ingests Sophos Central Alert and Endpoint data 

Learn More

 

Cloud

Security Operations

  • Splunk
  • Microsoft Teams
  • PagerDuty
  • Amazon Inspector
  • Azure Sentinel (SIEM)
  • Amazon SNS
  • Slack
  • AWS Systems Manager

CI/CD DevOps Tools

  • Cloud Optix Rest API
  • Azure Resource Manager (ARM)
  • Bitbucket
  • Amazon Elastic Container Registry
  • AWS Cloud Formation
  • GitHub
  • Terraform
  • Jenkins
  • Microsoft Azure Container Registry
  • Docker Hub Registry

Cloud Providers

  • Amazon Detective
  • AWS Systems Manager +Server
  • AWS Security Hub +Server
  • AWS Secrets Manager +Firewall
  • Azure Advisor
  • AWS IAM Access Analyzer
  • Amazon Elastic File System
  • AWS Cloud Formation +Firewall
  • Azure Resource Manager (ARM)
  • Amazon Inspector
  • AWS Trusted Advisor
  • Amazon Autoscaling
  • Amazon Elastic Container Registry
  • Microsoft Azure Container Registry
  • Amazon SNS
  • AWS CloudTrail
  • Amazon CloudWatch +Server
  • Azure Sentinel (SIEM)

Ticketing

  • JIRA
  • ServiceNow

Sophos Central APIs

Automate your security and management workflows with Sophos Central APIs

The Sophos Public API program makes it easy to automate monitoring, security, and administration activities in Sophos Central

Learn More

Shaking hands

 

Interested in becoming an integration partner?

Speak with an expert

Get in Touch

Community icon

 

Sophos Community

Check out the Sophos Community to find answers to your questions and stay up to date!

Learn More

Stacked boxes

 

Threat Intelligence APIs

SophosLabs Intelix lets you leverage the technology behind SophosLabs through a suite of RESTful APIs.

Learn More