.svg?width=185&quality=80&auto=webp&format=auto&cache=true&immutable=true&cache-control=max-age%3D31536000 "Home"){kind=logo}
.svg?width=13&quality=80&auto=webp&format=auto&cache=true&immutable=true&cache-control=max-age%3D31536000 "Top Navigation - Sign in - Icon")
.avif?width=1024&quality=80&auto=webp&format=auto&cache=true&immutable=true&cache-control=max-age%3D31536000 "HIPAA - Banner with Media - Background")
Sophos Integrations and APIs
Easily automate monitoring, security, and administration activities in Sophos Central.
Unable to load Content Cards II
Firewall
Auvik
Sophos Firewall integration with Auvik provides cloud-based network monitoring and management software. Automate complex network tasks for today’s changing workforce.
Business Intelligence/IT Monitoring
BrightGauge
Choose from two default dashboards to manage your alerts, endpoints, and tenants or build your dashboard from scratch from around 26 built-in KPS inspectors, including:
- Alerts by severity, category, time
- Endpoints by tenant, health state, threat status
- Server overall health status
- Tamper protection status
- Total endpoints, total tenants
ServerEye
ServerEye is IT monitoring software that informs you about trends and tendencies in your customer’s systems.
Sophos-ServerEye integration provides sensors for server/client status, infections, and alarms.
Remote Monitoring & Management (RMM)
Datto RMM
Datto RMM is a fully-featured, secure, cloud-based platform which enables MSPs to remotely monitor, manage, and support endpoints, reducing costs and increasing service delivery efficiency.
ConnectWise Automate
Boost your IT team’s effectiveness with Sophos-ConnectWise Automate integration.
Designed to provide a dashboard-level view of endpoint health and threat status, you can drill down into detailed views of endpoints and alerts to take real-time action. The integration also provides the ability to configure endpoint deployments across tenants.
SolarWinds N-central
SolarWinds N-central is an RMM solution designed to help managed service providers handle complex networks with ease.
With extensive automation and in-depth configurability options, security features like antivirus and patch management, and integrated backup, N-able is built to help MSPs efficiently manage intricate networks from one easy-to-use platform.
NinjaRMM
NinjaRMM provides intuitive endpoint management software to managed service providers (MSPs) and IT professionals with an exceptional user experience and all the support you need to deliver fast and effective IT management.
Syncro MSP
Sophos integrates with the remote installation component of the combined RMM-PSA functionality of SyncroMSP.
VSA RMM
Do more with less thanks to Sophos-VSA RMM integration.
Quickly determine endpoint health issues, then action a single endpoint or many endpoints in bulk. Retrieve a filterable list of tenants and auto-deploy configuration policies.
Filter alerts by category and severity, then action a single alert or multiple alerts at once.
Streamline deployments with CSV and installation files, auto-deployment across machine groups, or manual deployment to specific endpoints. And view audit logs to determine if installs and bulk actions have been successful.
Professional Services Automation (PSA)
ConnectWise Manage
All products deployed through Sophos Central as part of the MSP Connect program are available for ConnectWise Manage integration, including Intercept X, Disk Encryption, Endpoint, Mobile, Web, Email and Wireless.
- Sophos Central will automatically create all products in ConnectWise Manage
- Sophos will automatically update the Agreement Addition nightly to provide up-to-date billing information on all Sophos products deployed across an MSP’s customer base
- The integration will provide ongoing, real-time data to ConnectWise Manage
Datto Autotask PSA
All products deployed through Sophos Central as part of the MSP Connect Flex program are available for Datto Autotask PSA integration, including Intercept X, Disk Encryption, Endpoint, Mobile, Web, Email, Wireless, and Cloud Optix.
Sophos Central will automatically create all products in Autotask PSA, and will automatically update the service contract nightly to provide up-to-date billing information on all Sophos products deployed across an MSP’s customer base. The integration will provide ongoing, real-time data to Autotask PSA and additionally supports manual syncs.
Security Operations And Response (SOAR)
Rapid7
InsightConnect is Rapid7’s security orchestration and automation response (SOAR) solution.
With it you can accelerate, streamline, and integrate your time-intensive security processes with little to no coding required by your security team.
When you use the Sophos-InsightConnect integration, you can run your multi-solution processes automatically and free up your security team’s bandwidth to tackle other challenges.
Cortex XSOAR
Cortex XSOAR integration supports 29 Sophos Central commands, including:
- Alert listing, retrieval, and actions
- List and scan tenant endpoints
- Retrieve and update endpoint tamper protection information
- List, retrieve, add/update/delete allowed items, blocked items, and scan exclusions
- List, retrieve, exclude, update, and delete exploits and related mitigations
Swimlane
Swimlane’s SOAR solution helps organizations address all security operations (SecOps) needs, including prioritizing alerts, orchestrating tools, and automating the remediation of threats—improving performance across the entire organization.
IT Documentation
Liongard
Sophos-Liongard integrations automate the management and protection of modern IT environments at scale for managed service providers and enterprise IT operations.
Available integration guides:
Threat Intelligence Platform
Intelix-MISP
With SophosLabs Intelix-MISP integration, you get the same threat intelligence used in your Sophos products available within your MISP environment. By applying SophosLabs data to file hashes, URLs, and IPs, you can quickly and easily identify high risk events.
Security Information & Event Management (SIEM)
Respond Software
Respond Software is the cybersecurity investigation automation company and creator of the Respond Analyst, an XDR engine built to accelerate investigations for security operations teams.
The Sophos Collector ingests event and alert data into the Respond platform for automated analysis.
Sumologic
Investigate rare events and long-tail threats you can't perform with a traditional SIEM.
The Sophos-Sumo Logic integration adds a data collector directly to the Sumo Logic interface and ingests Sophos Central Alert and Endpoint data
Cloud
Security Operations
- Splunk
- Microsoft Teams
- PagerDuty
- Amazon Inspector
- Azure Sentinel (SIEM)
- Amazon SNS
- Slack
- AWS Systems Manager
CI/CD DevOps Tools
- Cloud Optix Rest API
- Azure Resource Manager (ARM)
- Bitbucket
- Amazon Elastic Container Registry
- AWS Cloud Formation
- GitHub
- Terraform
- Jenkins
- Microsoft Azure Container Registry
- Docker Hub Registry
Cloud Providers
- Amazon Detective
- AWS Systems Manager +Server
- AWS Security Hub +Server
- AWS Secrets Manager +Firewall
- Azure Advisor
- AWS IAM Access Analyzer
- Amazon Elastic File System
- AWS Cloud Formation +Firewall
- Azure Resource Manager (ARM)
- Amazon Inspector
- AWS Trusted Advisor
- Amazon Autoscaling
- Amazon Elastic Container Registry
- Microsoft Azure Container Registry
- Amazon SNS
- AWS CloudTrail
- Amazon CloudWatch +Server
- Azure Sentinel (SIEM)
Ticketing
- JIRA
- ServiceNow
Sophos Central APIs
Automate your security and management workflows with Sophos Central APIs
The Sophos Public API program makes it easy to automate monitoring, security, and administration activities in Sophos Central
Sophos Community
Check out the Sophos Community to find answers to your questions and stay up to date!
Threat Intelligence APIs
SophosLabs Intelix lets you leverage the technology behind SophosLabs through a suite of RESTful APIs.