New Sophos Support Phone Numbers in Effect July 1st, 2023

Sophos integration with Kaseya VSA

*Note: This integrations is provided as is to support our Partners in their daily management of Sophos Endpoints.  By clicking download, you agree to the Sophos API & Plugins Terms of Use. You also acknowledge that Sophos processes personal data in accordance with the Sophos Privacy Policy.

Table of contents

 

Plugin Overview

Note: Once a Kaseya administrator authorizes the application within the Kaseya VSA instance, each Kaseya administrator needs to provide Sophos API credentials in order to use the plugin with Sophos Central. (See Installation and Setup below for more details)

Dashboard view  - Quickly determine service and health issues with endpoints.

 

Tenant View - Automatically retrieve a list of all tenants. Filter by tenant and auto-deploy configuration policies.

 

 

Endpoint View & Management - Drill into endpoints to determine issues and action a single endpoint, or many endpoints in bulk.

Actions include:

  • Forcing definitions updates
  • Enabling/Disabling tamper protection
    • Tamper protection if disabled, will be automatically enabled after a period of time
  • Deleting endpoints from Sophos Central
    • Deletion of the endpoint does not uninstall the endpoint

 

 

Alerts View & Management - Filter alerts by category and severity, then action the alert, or multiple alerts all at once.

Actions include:

  • Acknowledging the alert
    • This will remove the alert from Sophos Central
  • Cleaning a virus or threat from the affected endpoint(s)
  • Cleaning a potentially unwanted application from the affected endpoint(s)
  • Authorizing a file previously marked as potentially unwanted to run on selected endpoint(s)

 

Deployments - Upload CSV and/or Installation files, manually deploy to specific endpoints, or configure Autodeploy settings across machine groups. 

 

Audit Logs - Logging to determine if installs and bulk actions were successful.

 

 

Installation & Setup

The Beta version of this plugin is not available in the Kaseya's Automation Exchange marketplace. You will need to download the License file, then install it to your VSA application by following the directions below.

1. Navigate to System --> License Manager.

 

2. Click the 'Install' Button.

 

3. Browse to the locally saved .VSAZ file downloadable here.

 

4. Once .VSAZ file is selected you should see the below screen.

 

5. Click 'Next' through the series of screens until finished by finally selecting 'Finish'.

 

6. Once installation of the license file is completed, you should see the below screen.

 

7. Navigate to the bottom of the left hand menu and select the 'Sophos' icon.

 

8. Upon completion of the 'Sophos' Plugin installation, you will be redirected to an 'Allow' screen asking the administrator to authorize the application within the Kaseya VSA instance.  After which, you can start to browse the application from the "Overview" tab.

 

9. Navigate to the 'Settings' tab and enter your organizations API Client ID and Secret generated from within the Sophos Central Partner Dashboard, and detailed under the 'Create a Service Principal' section of our API Getting Started Guide.

 

10. Upon clicking 'Save' your credentials will be automatically validated and the Tenants, Endpoints, and Alerts sync will begin.

 

Deployment Configuration

This section describes the deployment strategy used by the plugin to install the Sophos Endpoint agent on Kaseya VSA managed Assets. 

The Sophos Security plugin for Kaseya VSA allows:

  • Manual or Automatic deployment of:
    • Windows endpoints (Desktop & Server)
    • Mac desktop endpoints

Configuration:

Auto-deployment is as simple as:

  1. Loading your Deploymenty CSV file
  2. Mapping Kaseya 'Machine Groups' or 'Organizations' to a specific Sophos Tenant
  3. Choosing the Sophos Endpoint products to be installed by Sophos Endpoint installer (Base AV, InterceptX, Managed Detection & Response, Device Encryption).

Once configured, the application will install the Sophos Endpoint Agent if the Kaseya Asset matches with the configured Machine Group/Organization for auto-deployment, and if the Sophos Endpoint Agent is not already installed.

1. Login to Sophos Central Partner Dashboard and download "Windows CSV file".

• Additionally download "Mac OS X CSV file" AND Mac OS X installer (SophosInstall.zip) to deploy Sophos Endpoint agent on Kaseya managed Mac OS X agents.

2. Login to Kaseya and navigate to 'Settings' --> 'Deployment' within the Sophos Security plugin.  Here you will see installation instructions to start the deployment setup. Click 'Next' to begin the wizard.

3. Upload CSV files that are downloaded from Sophos Central Partner Dashboard and configure the Auto deployment.  Then click 'Next' or 'Skip' if you have already uploaded files and do not want to upload it again.

* For Macs: Upload 'SophosInstall.zip' at Agent Procedures --> File Transfer --> Distribute File --> Manage Files --> Shared files. Skip this step if you do not want to deploy Sophos Endpoint agent on Kaseya managed Mac OS X agents.

 

 

4. The final screen will display an option to map Sophos Tenants to either Kaseya Machine Groups OR the Kaseya Organizations.  Add the associations and click 'Finish' to save the configuration.

 

 

Manual deployment:
Once the above deployment steps are completed, a Partner can deploy the Sophos solution manually via the 'Assets' tab from within the Sophos Security plugin, which lists the Kaseya Assets and status of Sophos Endpoint agent (installed/not installed). The application compares the hostname of Kaseya Assets and Sophos Endpoints to check if Sophos Endpoint agent is already installed.

1. Navigate to Sophos Security Solutions Plugin --> Main --> Assets. Select "Install Sophos" action then select the assets and click on Submit.

 

*Note: For both Auto deploy and Manual deployment, this application uses Kaseya Procedures to install the Sophos Endpoint Agent.

 

Troubleshooting & Logging

Troubleshooting On-prem installation issues:

Issue: You are presented with an error on installation stating there is a conflict, SSL, or generic error.

  1. Validate the SSL certificate on the VSA server is installed and adheres to minimum standards
    1. 3rd party generated and validated certificate with minimum bit length of 2048, and supporting a minimum version of TLS 1.3
  2. The  VSA server is not missing the SSL intermediate cert chain.
    1. We recommend using the SSL checker website from the VSA server to validate and get the intermediate certs installed? 
    2. here is a Microsoft KB article on installing intermediate certs into IIS to save you some hunting.
  3. Your firewall is blocking the communication from our production environment. 
    1. Open traffic to and from kaseya.int100fra.ctr.sophos.com to and from your VSA server.
    2. Ensure the following IP Addresses are whitelisted - 18.159.54.20 , 3.123.181.234 , 52.59.169.88

The Sophos plugin will keep an audit log of actions attempted and performed on Endpoints, Alerts, and Deployments
• To check Audit logs navigate to Sophos Security Solutions --> Logs --> Audit Logs

Note: It is common that 403 errors would be present for alert and endpoint retrieval of non-managed tenants.


• To check the Kaseya deployment procedure logs: Agent --> Agents --> Agent Logs --> [click on the agent name] --> Agent Admin Logs --> Procedure History.


• To get the log file of Sophos Central installation: Agent Procedures --> File Transfer --> Get File --> [click on the agent name] --> Click on SophosCentralInstall.log.

*Note: This log file will be created once the installation process is complete and the information synced to the Kaseya application, which could take up to 45 minutes.

 

Help & Support

Please use the Feedback & Issues tab of this community post to report any issues or request support.

Unfiltered HTML