Sophos Central

This document provides the steps required to configure the Sophos Central Inspector

👍

Quick Details

Recommended Agent: On-Demand
Supported Agents: On-Demand or Self-Hosted
Is Auto-Discovered By: N/A
Can Auto-Discover: Sophos Central Child Inspectors
Parent/Child Type Inspector: Yes
Inspection via: API
Data Summary: Here

Overview

Liongard's Sophos Central Inspector returns details, like licensing, deployment, and more, about Sophos endpoint protection software, managed from Sophos Central.

❗️

Untied Tenants

Liongard does not currently support having Sophos Central Inspectors run against tenants not tied to the parent account.

See it in Action

Video isn't playing? Click here.

Inspector Setup Preparation

❗️

API Key Expiration

Sophos Central sets a 36-month duration for all API Keys. Once an API Key expires, this process will need to be performed again.

Create the API Key

  1. Log in to your Sophos Central account: Sophos Central Partner Login
  2. Navigate to Settings & Policies on the left-hand side
16741674
  1. Navigate to API credentials
16741674
  1. Select Add Credential in the top-right corner of the page
16741674
  1. Create a Credential name for your credential (Suggested Naming: Liongard_API)
  2. Select Service Principal Super Admin as the Role and select Add
22262226

Add a description if desired

  1. Copy the Client ID and Secret Key as you will need them in Liongard Inspector Setup.

🚧

API Secret Key

Make sure to save/record the key somewhere secure as it will only be shown once.

16801680

Make sure to save the secret key as it will only be showed once

Liongard Inspector Setup

Parent Inspector Setup

Since Sophos Central is a multi-tenant system where a single portal is used to manage many Environments, you will set up a single "Parent" Inspector with the access credentials for your Sophos Central portal that will then auto-discover "Child" Inspectors for each Environment.

In Liongard, navigate to Admin > Inspectors > Navigate to the Sophos Central Inspector > Select Add System.

Fill in the following information:

  • Type of Inspector: Parent
  • Environment: Select your MSP's Environment
  • Friendly Name: Suggested Naming: [MSP Name] Sophos Central Parent
  • Agent: Select On-Demand Agent
  • Inspector Version: Latest
  • Client ID: Enter the Client ID created in Inspector Setup Preparation
  • Client Secret: Enter the Client Secret created in Inspector Setup Preparation
  • Scheduling: The Inspector will default to run once a day at the time the Inspector is set up. Here you can adjust the schedule

Select Save. The Inspector will now be triggered to run within the minute.

Step 2: Child Inspector Setup

After the first run of the Parent Inspector, your client Sophos Central Environments will be Auto-Discovered in the Discovered Systems tab on the Inspectors > Sophos Central page.

Navigate to the Discovered Systems tab in your Inspectors > Sophos Central page

  • Activate your Discovered Systems by ensuring they're mapped to the correct Environment > Select the checkbox to the left of Inspector(s) > Select the Actions drop-down menu > Activate Launchpoints.
  • Users may also Archive Discovered Systems by Selecting the checkbox to the left of the Inspector(s) > Select the Actions drop-down menu > Archive Launchpoints.

Optional: Turn on Flexible Asset/Configuration Auto-Updating

If you would like this Inspector's data to be sent to ConnectWise and/or IT Glue, turn on Flexible Assets/Configurations for this Inspector:

  • ConnectWise: Admin > Integrations > ConnectWise > Configuration Types > Confirm the "Configuration Auto-Updating" toggle is enabled
  • IT Glue: Admin > Integrations > IT Glue > Flexible Assets > Confirm the "Flexible Asset Auto-Updating" toggle is enabled

Sophos Central Quick Tips/FAQs

  • How do I resolve an "Unidentified error for call: 403 on the call/endpoint/v1/endpoints?pageTotal=true"?
    This is a known issue with Sophos Central's API. To resolve this issue,
  1. Navigate to the Account Details in the partner's Sophos Central portal.
  2. Navigate to the Sophos Support tab.
  3. Toggle the Partner's Assistance off. Select Save.
  4. Toggle the Partner's Assitance on. Select Save.
  5. Then, rerun the Liongard Liongard Inspector.

If the steps above do not resolve the issue, regenerating a brand new API key often resolves the problem as well.

Inspector FAQs