Sophos Central allows you to send to Hunters a variety of logs from different Sophos logs sent to the Sophos Central suite.
Supported Data Types
All data types under Sophos Central are supported.
Sending Data to Hunters
In order to send Sophos Central logs to Hunters, please follow the guidelines below.
You will require API Credentials to access event/alert data via the API. In order to get those credentials, within Sophos Central Admin go to Global Settings > API Credentials Management.
To create a new token, click Add Credential from the top-right corner of the screen.
Select a Credential name and select the appropriate role and add a description if you want and click Add. The API credential Summary for this credential is displayed.
Click on Show Client Secret to display Client Secret.
Share the credentials with Hunters