1. Log in to the Sophos Central UI.
2. Click on the Global Settings option.
3. Click on the API Management credentials option to create the credentials for API use.
4. Click on Add Credential.
5. Create a personal Credential with the Service Principal Super Admin Role.
6. You will see something like the following. Save your Client Secret in a secure place.
Lumu encrypts this information both in transit and at rest to ensure token confidentiality is maintained.
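The following added example (not Sophos or Lumu code) shows one way to confirm what the new credential resolves to before entering it in the Lumu Portal: it requests a token from the Sophos Central OAuth2 endpoint and reads the whoami response, which carries the same kind of tenant ID and base URL values that step 6a displays. The environment variable names and the sample response are constructed for illustration; how Lumu performs its own validation is not described on this page.

```python
import json
import os
import urllib.parse
import urllib.request

TOKEN_URL = "https://id.sophos.com/api/v2/oauth2/token"
WHOAMI_URL = "https://api.central.sophos.com/whoami/v1"
# Constructed sample of a whoami response body (placeholder ID and region host).
SAMPLE_WHOAMI = ('{"id": "00000000-0000-0000-0000-000000000000", "idType": "tenant", '
                 '"apiHosts": {"global": "https://api.central.sophos.com", '
                 '"dataRegion": "https://api-us03.central.sophos.com"}}')


def token_request(client_id, client_secret):
    """Build the OAuth2 client-credentials request for Sophos Central."""
    form = urllib.parse.urlencode({
        "grant_type": "client_credentials", "client_id": client_id,
        "client_secret": client_secret, "scope": "token",
    }).encode()
    return urllib.request.Request(TOKEN_URL, data=form, method="POST")


def parse_whoami(body):
    """Return (id, id_type, base_url) from a whoami JSON body."""
    doc = json.loads(body)
    id_type = doc.get("idType")
    if id_type not in ("tenant", "partner", "organization"):
        raise ValueError(f"unexpected idType: {id_type!r}")
    hosts = doc.get("apiHosts") or {}
    # Tenant credentials carry a dataRegion host; partner and organization
    # credentials only have the global host until a tenant is chosen.
    base = hosts.get("dataRegion") or hosts.get("global")
    if not doc.get("id") or not base or not base.startswith("https://"):
        raise ValueError("whoami response missing id or HTTPS API host")
    return doc["id"], id_type, base


def check_credential(client_id, client_secret):
    """Live check: fetch a token, then ask Sophos Central who it belongs to."""
    with urllib.request.urlopen(token_request(client_id, client_secret), timeout=15) as r:
        token = json.load(r)["access_token"]
    req = urllib.request.Request(WHOAMI_URL, headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, timeout=15) as r:
        return parse_whoami(r.read())


if __name__ == "__main__":
    # Read the secret from the environment so it never lands in shell history.
    print(check_credential(os.environ["SOPHOS_CLIENT_ID"], os.environ["SOPHOS_CLIENT_SECRET"]))
```

If the returned ID or data-region host is not the tenant you expected, stop and recheck the credential in Sophos Central before giving it to any third party.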
1. Log in to your Lumu account through the Lumu Portal and navigate to the available apps screen.
2. Locate the Sophos Endpoint Protection integration in the available apps area, then click Add to view details.
3. Familiarize yourself with the integration details available in the app description and click the button below to activate the integration.
Do not modify the “Lumu IOCs” tag name under Website Management or the Blocked Item list records.
4. Add a Name, and select the Threat Types that you want to push to your Sophos Control cloud. If you want to include IP indicators, select the option “Include IP indicators”. Finally, click on the Next button.
The integration adds URLs, domains, and file hashes by default.
5. Fill in the Client ID and the Client Secret for that account. Finally, click on the Next button. Lumu will validate that the credentials provided are correct.
6a. Here you will see your Tenant ID and the corresponding base URL of your Tenant.
6b. You will need to select the Tenant Name that you want to work with.
7. The integration is now created and active. Now, the Lumu Portal will display the details of the created integration:
The final step to set up this automated response integration is to configure Sophos to block the threats detected by Lumu. To do so, follow these steps in your Sophos Central Web console to configure your Sophos policies to block navigation to the Lumu tag.