Perch integrates with Sophos Central to ingest logs for all of your Sophos products. You will need to create an API Token for Perch in Sophos Central Admin so that your data can be accessed via the Sophos Central APIs. Once the API Token is created, simply provide the credentials in your Perch Integration Settings and your logs will be collected automatically.
You will see an API Token Summary with your API Key and Authorization credentials.
The credentials Perch needs for the integration settings are the API Access URL and the Headers. Copy and paste the values into the respective boxes in your Perch Integration Settings.
From the Settings page for your Organization,
Like all Perch integrations, you can enable or disable AWS CloudTrail log ingestion at any time by toggling the switch from “OFF” (gray) to “ON” (purple), or the other way around.
Sophos Central can provide a great deal of log information via its API, even for small and frequent events like updates or configuration changes. If this is creating too many logs in your Perchybana space, you can toggle “Exclude Noisy Log Types” and click “Save” to reduce the amount of logs that Perch will ingest.
These events will be ignored: