Sophos Central has secured APIs for SIEM integration and other purposes. These allow the retrieval of event and alert data for use in other systems.
If you wish to write your own integration for SIEM or other purposes, we have documentation on the APIs, and you may find our existing SIEM integration script a useful starting point. See Sophos Central APIs: How to send alert and event data to your SIEM.
You can download Swagger documentation on the API here.
You can view the downloaded Swagger file using the Swagger Editor.
NOTE: Sophos Support is available only for the APIs and our unmodified script. We cannot provide advice or troubleshooting for customer-created integrations. Your Sophos partner may provide such services, and can arrange to involve Sophos’ own Professional Services team if you need assistance beyond Sophos Support’s remit.
Applies to the following Sophos products: Sophos Central Admin