AlienVault® USM Anywhere™

Configuring the AlienApp for Sophos Central

  Role Availability   Read-Only   Analyst   Manager

With a configured connection between the AlienApp for Sophos Central on a deployed USM Anywhere Sensor and your Sophos Central environment, the predefined log collection jobs perform scheduled API queries for Sophos events or alerts. When USM Anywhere collects and analyzes the first of these, the normalized events are available on the Events page.

Required Connectivity on the USM Anywhere Sensor

An AlienApp operates through a deployed USM Anywhere Sensor. To use the AlienApp for Sophos Central, you must open an additional port on the sensor to support its functions.

Port   Endpoint                                          Function
443    api1.central.sophos.com/gateway/siem/v1/events    Collect event data from Sophos Central
443    api1.central.sophos.com/gateway/siem/v1/alerts    Collect alert data from Sophos Central
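
A pre-deployment reachability check for the endpoints in the table above, added here as an example and not part of the product documentation. It assumes you run it from a host that shares the sensor's egress path; the function names `parse_targets` and `check` are hypothetical.

```python
import socket
import ssl

# Rows copied from the Required Connectivity table: port, then host/path.
REQUIRED = """\
443 api1.central.sophos.com/gateway/siem/v1/events
443 api1.central.sophos.com/gateway/siem/v1/alerts
"""

def parse_targets(table):
    """Collapse table rows to unique (host, port) pairs.

    A layer-4 firewall rule matches host and port only. The URL path travels
    inside the TLS session, so it matters only to a TLS-inspecting proxy.
    """
    targets = []
    for row in table.splitlines():
        if not row.strip():
            continue
        port, endpoint = row.split(None, 1)
        host = endpoint.strip().split("/", 1)[0]
        pair = (host, int(port))
        if pair not in targets:
            targets.append(pair)
    return targets

def check(host, port, timeout=5.0, connect=socket.create_connection, ctx=None):
    """Return 'ok', or the stage that failed: 'dns', 'tcp' or 'tls'."""
    ctx = ctx or ssl.create_default_context()  # verifies chain and hostname
    try:
        sock = connect((host, port), timeout)
    except socket.gaierror:   # name did not resolve
        return "dns"
    except OSError:           # refused, unreachable, or timed out
        return "tcp"
    try:
        with sock, ctx.wrap_socket(sock, server_hostname=host):
            return "ok"
    except (ssl.SSLError, OSError):
        # A certificate failure here often means a proxy is intercepting TLS.
        return "tls"

if __name__ == "__main__":
    for host, port in parse_targets(REQUIRED):
        print(f"{host}:{port} -> {check(host, port)}")
```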

Configuration for the Sophos Central Connection

To enable AlienApp for Sophos Central functionality within USM Anywhere, you must configure the AlienApp by providing a valid Sophos Central API token. With a successful connection to your Sophos Central environment, the AlienApp for Sophos Central log collection jobs query the API every 20 minutes for event and/or alert information. The AlienApp parses all collected data and displays it as Events and Alarms in USM Anywhere.