Sophos Central

Perch integrates with Sophos Central to ingest logs for all of your Sophos products. You will need to create an API Token for Perch in Sophos Central Admin so that your data can be accessed via the Sophos Central APIs. Once the API Token is created, simply provide the credentials in your Perch Integration Settings and your logs will be collected automatically.

Generate API Key

  1. Log in to your Sophos Central Admin Portal.
  2. Navigate to Global Settings > API Token Management.
  3. Click Add Token.
  4. Name the token (e.g. Perch Integration) and save.

You will see an API Token Summary with your API Key and Authorization credentials.

API Token Summary

Configure Perch

The credentials Perch needs for the integration settings are the API Access URL and the Headers. Copy and paste the values into the respective boxes in your Perch Integration Settings.

From the Settings page for your Organization:

  1. Install the Sophos Central integration.
  2. Copy the API Access URL and the Headers into their respective fields in the Configuration Panel. You can use the copy button next to the two fields in the Sophos Central Admin to make this easier.
  3. (Optional) If desired, fill in the API Token Expiration Date. Perch will notify you if your token is expired when you check your settings.
  4. Click “Save and Test.”
  5. Toggle “Enable Sophos Central event log collection” and click “Save.”

Like all Perch integrations, you can enable or disable Sophos Central log ingestion at any time by toggling the switch from “OFF” (gray) to “ON” (purple), or the other way around.

Perch Integration Configuration

Excluding Noisy Logs

Sophos Central can provide a great deal of log information via its API, even for small and frequent events like updates or configuration changes. If this is creating too many logs in your Perchybana space, you can toggle “Exclude Noisy Log Types” and click “Save” to reduce the number of logs that Perch will ingest.

These events will be ignored:

  1. Compliant and non-compliant devices
  2. Device - alerted Only
  3. Update failure and success
  4. Scan complete
  5. Monitored application allowed
  6. Web control violations
  7. Web filtering blocked