Sophos Integrations and APIs

Aruba Networks

The Sophos Intercept X and Aruba ClearPass Policy Manager integration allows ClearPass to make more informed, device-specific decisions.

Sophos ensures only endpoints that meet or exceed compliance and security policy can gain access to wired or wireless networks, and thus access to applications, resources, and data.

Learn More

Cigent

Cigent’s Dynamic Data Defense Engine (D3E) for Windows 10 ingests threat intelligence and security events from Sophos Central and, when the threat level is elevated, dynamically locks access to sensitive files and Cigent Secure Drives with step-up authentication.

Learn More

Auvik

Sophos Firewall integration with Auvik provides cloud-based network monitoring and management software. Automate complex network tasks for today’s changing workforce.

Learn More

BrightGauge

Choose from two default dashboards to manage your alerts, endpoints, and tenants or build your dashboard from scratch from around 26 built-in KPS inspectors, including:

• Alerts by severity, category, time 
• Endpoints by tenant, health state, threat status
• Server overall health status 
• Tamper protection status 
• Total endpoints, total tenants

Learn More

ServerEye 

ServerEye is IT monitoring software that informs you about trends and tendencies in your customer’s systems.   

Sophos-ServerEye integration provides sensors for server/client status, infections, and alarms.

Learn More

Datto RMM

Datto RMM is a fully-featured, secure, cloud-based platform which enables MSPs to remotely monitor, manage, and support endpoints, reducing costs and increasing service delivery efficiency. 

Learn More

ConnectWise Automate

Boost your IT team’s effectiveness with Sophos-ConnectWise Automate integration.

Designed to provide a dashboard-level view of endpoint health and threat status, you can drill down into detailed views of endpoints and alerts to take real-time action. The integration also provides the ability to configure endpoint deployments across tenants.

Learn More

SolarWinds N-central

SolarWinds N-central is an RMM solution designed to help managed service providers handle complex networks with ease.

With extensive automation and in-depth configurability options, security features like antivirus and patch management, and integrated backup, N-able is built to help MSPs efficiently manage intricate networks from one easy-to-use platform. 

Learn More

NinjaRMM

NinjaRMM provides intuitive endpoint management software to managed service providers (MSPs) and IT professionals with an exceptional user experience and all the support you need to deliver fast and effective IT management. 

Learn More

Syncro MSP

Sophos integrates with the remote installation component of the combined RMM-PSA functionality of SyncroMSP.

Learn More

VSA RMM

Do more with less thanks to Sophos-VSA RMM integration.

Quickly determine endpoint health issues, then action a single endpoint or many endpoints in bulk. Retrieve a filterable list of tenants and auto-deploy configuration policies.

Filter alerts by category and severity, then action a single alert or multiple alerts at once.

Streamline deployments with CSV and installation files, auto-deployment across machine groups, or manual deployment to specific endpoints. And view audit logs to determine if installs and bulk actions have been successful.

Learn More

ConnectWise Manage

All products deployed through Sophos Central as part of the MSP Connect program are available for ConnectWise Manage integration, including Intercept X, Disk Encryption, Endpoint, Mobile, Web, Email and Wireless. 

• Sophos Central will automatically create all products in ConnectWise Manage 
• Sophos will automatically update the Agreement Addition nightly to provide up-to-date billing information on all Sophos products deployed across an MSP’s customer base 
• The integration will provide ongoing, real-time data to ConnectWise Manage 

Learn More

Datto Autotask PSA

All products deployed through Sophos Central as part of the MSP Connect Flex program are available for Datto Autotask PSA integration, including Intercept X, Disk Encryption, Endpoint, Mobile, Web, Email, Wireless, and Cloud Optix. 

Sophos Central will automatically create all products in Autotask PSA, and will automatically update the service contract nightly to provide up-to-date billing information on all Sophos products deployed across an MSP’s customer base. The integration will provide ongoing, real-time data to Autotask PSA and additionally supports manual syncs.

Learn More

Rapid7

InsightConnect is Rapid7’s security orchestration and automation response (SOAR) solution.

With it you can accelerate, streamline, and integrate your time-intensive security processes with little to no coding required by your security team.

When you use the Sophos-InsightConnect integration, you can run your multi-solution processes automatically and free up your security team’s bandwidth to tackle other challenges. 

Learn More

Cortex XSOAR

Cortex XSOAR integration supports 29 Sophos Central commands, including:

• Alert listing, retrieval, and actions
• List and scan tenant endpoints 
• Retrieve and update endpoint tamper protection information
• List, retrieve, add/update/delete allowed items, blocked items, and scan exclusions
• List, retrieve, exclude, update, and delete exploits and related mitigations

Learn More

Swimlane

Swimlane’s SOAR solution helps organizations address all security operations (SecOps) needs, including prioritizing alerts, orchestrating tools, and automating the remediation of threats—improving performance across the entire organization.

Learn More

Liongard

Sophos-Liongard integrations automate the management and protection of modern IT environments at scale for managed service providers and enterprise IT operations.

Available integration guides:

Sophos Central Inspector

Sophos SG Inspector

Sophos Firewall Inspector

Intelix-MISP

With SophosLabs Intelix-MISP integration, you get the same threat intelligence used in your Sophos products available within your MISP environment. By applying SophosLabs data to file hashes, URLs, and IPs, you can quickly and easily identify high risk events.

Learn More

Respond Software

Respond Software is the cybersecurity investigation automation company and creator of the Respond Analyst, an XDR engine built to accelerate investigations for security operations teams. 

The Sophos Collector ingests event and alert data into the Respond platform for automated analysis. 

Sumologic

Investigate rare events and long-tail threats you can't perform with a traditional SIEM.

The Sophos-Sumo Logic integration adds a data collector directly to the Sumo Logic interface and ingests Sophos Central Alert and Endpoint data