Latest Version 1.1.7
August 11, 2025
Warning
Splunkbase Classic has been deprecated and will be deactivated on February 18, 2026.
Sophos Central
# Sophos Central Data Ingestor The official Sophos developed and supported application for Sophos Central
Built by
Compatibility
Splunk Enterprise, Splunk Cloud
Platform Version: 10.1, 10.0, 9.4, 9.3, 9.2, 9.1, 9.0, 8.2, 8.1, 8.0
Rating
0
(0)
Log in to rate this app
Support
Developer Supported addon
# Sophos Central Data Ingestor
The official Sophos developed and supported application for Sophos Central
##Functionality
This app will allow you to select and ingest multiple Sophos Central data sources without the need of an accompanying script. Includes Data from the below endpoints. and conforms to the CIM 4.x data model.
* Central Endpoints API
* Central Alerts API
* Central SIEM Events API
## Requirements
Requires a Sophos API Service Principal account for authentication see our getting started guide for details on API credential creation.
* Getting Started for Enterprise Customers: https://developer.sophos.com/getting-started-organization
* Getting Started for Partners: https://developer.sophos.com/getting-started
* Getting Started for Tenants: https://developer.sophos.com/getting-started-tenant
* Add-on Installation Guide: https://community.sophos.com/sophos-integrations/w/integrations/109/splunk-add-on-for-sophos-central
* Feedback and Support Forum: https://community.sophos.com/sophos-integrations/f/splunk-apps-for-central-and-sophos-firewall
Use the accompanying Sophos Dashboard App to get insightful dashboards across Central Data, XG data, or both if using both date sources: https://splunkbase.splunk.com/app/6188/
Categories
IT Operations, Security, Fraud & Compliance
Created By
Sophos Integrations
Type
addon
Downloads
4,716
Splunk Answers
Ask a question about this app listing(Opens new window)Resources
Log in to report this app listing