It would be nice to have an integration between IBM SOAR and Sophos Central to collect all the events, alerts and XDR logs.
A SOC team would have a better overview to check the security level of the infrastructure.
IBM SOAR, I assume, is QRadar integration. QRadar has a SIEM integration for the on-prem SEC product, https://www.ibm.com/docs/en/dsm?topic=sophos-enterprise-console, but not for the Sophos Central product yet. To build one we would need to leverage the QRadar Universal Cloud Connector, which can pull in data via an API, but requires a custom integration (DSM).
Can you add more information on the use case?
The IBM Security SOAR is different from IBM QRadar. Is it possible to integrate the IBM SOAR with Sophos Central Cloud in order to have a quicker response following an incident?
Regarding the QRadar integration, is there a KB for the configuration of the Universal Cloud Connector and the creation of a custom DSM?