Setting Up Integrations

Share

Is this article helpful?

Last updated:

Sophos Integration Guide for SecurityCoach

In this article, you'll learn how to integrate Sophos endpoint security with SecurityCoach. Once the integration is complete, data provided by Sophos will be available under the SecurityCoach tab of your KSAT console. This data can be viewed in SecurityCoach reports and used to create detection rules for real-time coaching campaigns. For general information about SecurityCoach, see our SecurityCoach Product Manual.

Tip:SecurityCoach also supports integrating Sophos as a Splunk vendor. If your organization uses Splunk for security information and event management, we recommend integrating through Splunk instead by following our Splunk Integrations Guide for SecurityCoach.

Setting Up the Integration Sophos

To set up the Sophos integration with SecurityCoach, you’ll first need Sophos API credentials from your Sophos console, which you can then enter in your KSAT console.

  1. Log in to your Sophos console.
  2. Navigate to Global Settings > API Credentials Management.

  3. Select Add Credential. A pop-up window will appear.

  4. In the Credential name field, enter a name for your integration, such as “KnowBe4 Integration”.
  5. In the Description field, enter a description for your integration, such as “KnowBe4 Sophos Integration”.
  6. In the Role drop-down menu, select Service Principal ReadOnly.

  7. Select Add. An API credential summary page will load.
  8. Copy and save your Client ID and Client Secret in a place you can easily access. You’ll need these credentials to complete the integration.

Important:The Client Secret will be shown only once. When you’re ready to copy your Client Secret, seelect Show Client Secret.

Setting Up the Integration in KSAT

Once you have copied your API credentials from your Sophos account, you can set up the integration in your KSAT console. To integrate Sophos in your KSAT console, follow the steps below.

  1. Log in to your KSAT console and navigate to SecurityCoach > Setup > Security Vendor Integrations.
  2. Navigate to the Sophos card and select Configure > Direct Integration.
  3. Enter the Client ID and Client Secret that you saved in the Setting Up the Integration in Sophos section of this article.

  4. Select Connect.

Map Your Users

Once Sophos is integrated, you can map your users with mapping rules or by uploading a CSV file. We recommend using mapping rules. For more information about user mapping, see our Map Users in SecurityCoach article.

You can also manage detection rules for Sophos in the SecurityCoach > Detection Rules subtab. For a full list of Sophos system detection rules, see our System Detection Rules by Vendor article.

Was this article helpful?

1 out of 1 found this helpful

Can't find what you're looking for?

Contact Support