Sophos Central
This document provides the steps required to configure the Sophos Central Inspector
Quick Details
Recommended Agent: On-Demand
Supported Agents: On-Demand or Self-Managed
Is Auto-Discovered By: N/A
Can Auto-Discover: Sophos Central Child Inspectors
Parent/Child Type Inspector: Yes
Inspection via: API
Data Summary: Here
Overview
Liongard's Sophos Central Inspector returns details, like licensing, deployment, and more, about Sophos endpoint protection software, managed from Sophos Central.
Untied Tenants
Liongard does not currently support having Sophos Central Inspectors run against tenants not tied to the parent account.
See it in Action
Inspector Setup Preparation
API Key Expiration
Sophos Central sets a 36-month duration for all API Keys. Once an API Key expires, this process will need to be performed again.
Create the API Key
- Log in to your Sophos Central account: Sophos Central Partner Login
- Navigate to Settings & Policies on the left-hand side
- Navigate to API credentials
- Select Add Credential in the top-right corner of the page
- Create a Credential name for your credential (Suggested Naming: Liongard_API)
- Select Service Principal Super Admin as the Role and select Add
- Copy the Client ID and Secret Key as you will need them in Liongard Inspector Setup.
API Secret Key
Make sure to save/record the key somewhere secure as it will only be shown once.
Liongard Inspector Setup
Parent Inspector Setup
Since Sophos Central is a multi-tenant system where a single portal is used to manage many Environments, you will set up a single "Parent" Inspector with the access credentials for your Sophos Central portal that will then auto-discover "Child" Inspectors for each Environment.
In Liongard, navigate to Admin > Inspectors > Inspector Types > Navigate to the Sophos Central Inspector > Select Add System.
Fill in the following information:
- Type of Inspector: Parent
- Environment: Select your MSP's Environment
- Friendly Name: Suggested Naming: [MSP Name] Sophos Central Parent
- Agent: Select On-Demand Agent
- Inspector Version: Latest
- Client ID: Enter the Client ID created in Inspector Setup Preparation
- Client Secret: Enter the Client Secret created in Inspector Setup Preparation
- Scheduling: The Inspector will default to run once a day at the time the Inspector is set up. Here you can adjust the schedule
Select Save. The Inspector will now be triggered to run within the minute.
Step 2: Child Inspector Setup
After the first run of the Parent Inspector, your client Sophos Central Environments will be Auto-Discovered in the Discovered Systems tab on the Inspectors > Sophos Central page.
Navigate to the Discovered Systems tab in your Inspectors > Sophos Central page
- Activate your Discovered Systems by ensuring they're mapped to the correct Environment > Select the checkbox to the left of Inspector(s) > Select the Actions drop-down menu > Activate Launchpoints.
- Users may also Archive Discovered Systems by Selecting the checkbox to the left of the Inspector(s) > Select the Actions drop-down menu > Archive Launchpoints.
Optional: Turn on Flexible Asset/Configuration Auto-Updating
If you would like this Inspector's data to be sent to ConnectWise and/or IT Glue, turn on Flexible Assets/Configurations for this Inspector:
- ConnectWise: Admin > Integrations > ConnectWise > Configuration Types > Confirm the "Configuration Auto-Updating" toggle is enabled
- IT Glue: Admin > Integrations > IT Glue > Flexible Assets > Confirm the "Flexible Asset Auto-Updating" toggle is enabled
Sophos Central Quick Tips/FAQs
- How do I resolve an "Unidentified error for call: 403 on the call/endpoint/v1/endpoints?pageTotal=true"?
This is a known issue with Sophos Central's API. To resolve this issue,
- Navigate to the Account Details in the partner's Sophos Central portal.
- Navigate to the Sophos Support tab.
- Toggle the Partner's Assistance off. Select Save.
- Toggle the Partner's Assitance on. Select Save.
- Then, rerun the Liongard Liongard Inspector.
If the steps above do not resolve the issue, regenerating a brand new API key often resolves the problem as well.
Updated about 1 year ago