Sophos XDR Public APIs

Extending our open ecosystem approach, we’ve introduced two new APIs to enable organizations to integrate Sophos XDR data seamlessly into existing security operations tools and workflows. 

Customers and partners with established security operations programs can use these new APIs to surface threat detections and case investigation details from the Sophos XDR platform in their Security Information and Event Management (SIEM), Professional Services Administration (PSA), and IT Service Management (ITSM) tools, providing the flexibility to leverage these existing investments.

  • Accelerate investigation and response
    Enable automated workflows that leverage Sophos XDR detections and case details.

  • Centralize analysis of security telemetry
    Correlate Sophos XDR detections with alerts and telemetry from other data sources.

  • Enrich with third-party threat intelligence
    Augment Sophos XDR detections with additional threat intelligence for added context.

Developer documentation: Detections API | Cases API