Sophos Central protocol configuration options
To receive events from Sophos Central, configure a log source to use the Sophos Central protocol.
The Sophos Central protocol is a cloud-based protocol that combines payload information from application control logs, device control logs, data control logs, tamper protection logs, and firewall logs.
The following table describes the parameters for the Sophos Central protocol:
| Parameter | Description |
|---|---|
| Protocol Configuration | Sophos Central |
| Log Source Identifier | Type a unique name for the log source. The Log Source Identifier can be any valid value and does not need to reference a specific server. The Log Source Identifier can have the same value as the Log Source Name. If you have more than one configured log source per DSM, ensure that you give each log source a unique name. |
| Authentication URL | The Authentication URL configured on your Sophos Central appliance to get the access token. |
| Tenant URL | The Tenant URL configured on your Sophos Central appliance to get the Tenant ID. |
| Client ID | The Client ID is a public identifier that is used by the authentication API. |
| Client Secret | The Client Secret is used to ensure that the user is authorized to obtain an access token. |
| Hostname | The Hostname configured on your Sophos Central appliance to access the API. |
| Events | Switch on the Events toggle if you want to capture events. Events are records of activities or occurrences that are related to the security operations within your network and devices that are managed by Sophos Central. |
| Alerts | Switch on the Alerts toggle if you want to capture alerts. Alerts are notifications that are generated by Sophos Central when certain predefined conditions or thresholds are met. Alerts indicate potential security issues that require attention. |
| Limits | The Limit is the maximum number of records to be returned. The default value is 200, and the maximum value is 1000. |
| Recurrence | Specify how often the log source collects data. The value can be in Minutes (M), Hours (H), or Days (D). The default value is 5 minutes. |
| EPS Throttle | The limit for the maximum number of events per second (EPS) for events that are received from the API. The default is 5000. |
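The parameters in the table imply a three-step exchange: an access token from the Authentication URL, the Tenant ID from the Tenant URL, then records from the Hostname. The following pre-flight check for those values is an added example, not IBM or Sophos code. The grant parameters, the `X-Tenant-ID` header, the `/siem/v1/` path and the response field names are assumptions based on Sophos's public API, and the `cfg` keys are hypothetical.

```python
import json
import urllib.parse
import urllib.request

def require_https(url):
    # The client secret and bearer token must never cross plain HTTP.
    if urllib.parse.urlsplit(url).scheme != "https":
        raise ValueError(f"refusing non-HTTPS URL: {url}")
    return url

def token_request(auth_url, client_id, client_secret):
    """Step 1: Client ID + Client Secret -> access token."""
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials", "scope": "token",  # assumed
        "client_id": client_id, "client_secret": client_secret,
    }).encode()
    return urllib.request.Request(require_https(auth_url), data=body, method="POST")

def tenant_request(tenant_url, token):
    """Step 2: access token -> Tenant ID."""
    return urllib.request.Request(
        require_https(tenant_url), headers={"Authorization": f"Bearer {token}"})

def siem_request(hostname, kind, token, tenant_id, limit=200):
    """Step 3: one page of 'events' or 'alerts' from the API host."""
    if kind not in ("events", "alerts"):
        raise ValueError("kind must be 'events' or 'alerts'")
    if "/" in hostname or not 1 <= limit <= 1000:  # page: default 200, max 1000
        raise ValueError("bad hostname or limit")
    return urllib.request.Request(
        f"https://{hostname}/siem/v1/{kind}?limit={limit}",  # assumed path
        headers={"Authorization": f"Bearer {token}", "X-Tenant-ID": tenant_id})

def call(req, timeout=30):
    """Send a prepared request and decode the JSON reply."""
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)

def preflight(cfg):
    """Run all three steps; return the record count of the first page."""
    token = call(token_request(
        cfg["auth_url"], cfg["client_id"], cfg["client_secret"]))["access_token"]
    tenant_id = call(tenant_request(cfg["tenant_url"], token))["id"]
    page = call(siem_request(
        cfg["hostname"], "events", token, tenant_id, cfg.get("limit", 200)))
    return len(page["items"])  # "access_token", "id", "items" are assumed fields
```

A failure at step 1 points to the Client ID or Client Secret, at step 2 to the Tenant URL, and at step 3 to the Hostname or the credential's access to the tenant.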