Recommended Agent: On-Premise
Supported Agents: On-Premise or Self-Hosted
Is Auto-Discovered By: N/A
Can Auto-Discover: N/A
Parent/Child Type Inspector: No
Inspection via: API
Data Summary: Here
Video isn't playing? Click here.
- Navigate to "Definitions & Users" > "Users & Groups" and then click "New User"
- Fill in the Username and Real name fields with "liongard"
- Set Authentication to Local and set a password
- Make this user a member of the Read-Only group so that "liongard" has read-only access
- This user will be used later only to map the API token in later steps
- Enable the REST API on Sophos SG by going to Management > WebAdmin Settings > RESTful API.
- Click the checkbox to enable the API, and then create a new API token.
- Map the token to the "liongard" user you created in the earlier step.
- Save this token for later when setting up the Sophos SG Liongard Inspector.
In Liongard, navigate to Admin > Inspectors > Navigate to the Sophos SG Inspector > Select Add System.
Fill in the following information:
- Environment: Select the Environment this System should be associated to
- Friendly Name: Suggested "Sophos SG [Environment Name]"
- Agent: Select the On-premise Agent installed for this Environment or the Self-Hosted Agent
- Inspector Version: Latest
- IP Address: Input the IP address of the Sophos SG firewall
- Port: Input the Port for the Sophos SG firewall. The Sophos default is 4444.
- Token: Input the Token from the steps above.
- Scheduling: The Inspector will default to run once a day at the time the Inspector is set up. Here you can adjust the schedule
Select Save. The Inspector will now be triggered to run within the minute.
If you have any issues with connectivity after setting up the Inspector, then you may need to whitelist the IP of the Agent running the Inspector to allow access to the Sophos SG firewall.
We recommend deploying the Sophos SG Inspector using an On-Premise Agent. However, if a client network is serverless, you can deploy and whitelist a Self-Hosted Agent and use that Agent to run the Inspector. Please review this documentation for more information.
This Inspector runs on Port 4444.
If you would like this Inspector's data to be sent to ConnectWise and/or IT Glue, turn on Flexible Assets/Configurations for this Inspector:
- ConnectWise: Admin > Integrations > ConnectWise > Configuration Types > Confirm the "Configuration Auto-Updating" toggle is enabled
- IT Glue: Admin > Integrations > IT Glue > Flexible Assets > Confirm the "Flexible Asset Auto-Updating" toggle is enabled
Updated 2 months ago