Sophos
Visualize Sophos endpoint agents and protected devices, map agents to devices and their respective owners, and monitor changes through queries and alerts.
- Installation guide
- Sophos data model
Installation
To use this integration, JupiterOne requires Client Credentials to a Sophos Tenant account. Obtaining those credentials is described in Sophos' official docs under the 'Create Service Principal' section. At the very end, you'll have a Client ID and a Client Secret that you can use to integrate with JupiterOne.
Configuration in JupiterOne
To install the Sophos integration in JupiterOne, navigate to the Integrations tab in JupiterOne and select Sophos. Click New Instance to begin configuring your integration, providing the following:
- Account Name used to identify the Sophos tenant account in JupiterOne.
- Description to assist in identifying the integration instance, if desired.
- Polling Interval that you feel is sufficient for your monitoring needs. You may leave this as DISABLED and manually execute the integration.
Click Create once all values are provided to finalize the integration.
Next steps
Now that your integration instance has been configured, it will begin running on the polling interval you provided, populating data within JupiterOne. Continue on to our Instance management guide to learn more about working with and editing integration instances.
Data Model
Entities
The following entities are created:
Resources | Entity _type | Entity _class |
---|---|---|
Account | sophos_account | Account |
Alert | sophos_alert | Alert |
Device | sophos_device | Device |
Endpoint | sophos_endpoint | HostAgent |
Endpoint Group | sophos_endpoint_group | Group |
Policy | sophos_policy | AccessPolicy |
Role | sophos_role | AccessRole |
Sophos Common | sophos_common | Service |
Sophos Endpoint Protection | sophos_endpoint_protection | Service |
User | sophos_user | User |
User Group | sophos_user_group | UserGroup |
Relationships
The following relationships are created:
Source Entity _type | Relationship _class | Target Entity _type |
---|---|---|
sophos_account | HAS | sophos_common |
sophos_account | HAS | sophos_endpoint_protection |
sophos_alert | ASSIGNED | sophos_endpoint |
sophos_alert | ASSIGNED | sophos_endpoint_group |
sophos_alert | ASSIGNED | sophos_user |
sophos_alert | ASSIGNED | sophos_user_group |
sophos_common | HAS | sophos_role |
sophos_common | HAS | sophos_user_group |
sophos_endpoint | HAS | sophos_alert |
sophos_endpoint | PROTECTS | sophos_device |
sophos_endpoint_group | HAS | sophos_endpoint |
sophos_endpoint_protection | HAS | sophos_endpoint |
sophos_user | HAS | sophos_endpoint |
sophos_user_group | HAS | sophos_user |