# Sophos Integration

## Resmo + Sophos Integration Fundamentals

<figure><img src="https://709615783-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FYrzxpMpCQh51K4O99y0o%2Fuploads%2Fd6RxJAUSuFzRrQYQcWTu%2Fsophos-logo.png?alt=media&#x26;token=12e83c4a-10ed-43f4-b5e2-60d791aff31c" alt=""><figcaption></figcaption></figure>

Resmo integrates with Sophos to ensure the security and compliance of your Sophos environment.

### What does Resmo offer to Sophos users?

* Collect and monitor all your Sophos assets on a single platform.&#x20;
* Automate security and compliance checks of your Sophos resources like endpoints, users, and roles.
* Get notified of vulnerabilities in real-time via your favorite channels like Slack, email, OpsGenie, or webhook.
* Query your Sophos assets using SQL or free text search and get real-time, up-to-date answers

### How does the integration work?

Once you sign up to Resmo, you can easily integrate your account with Sophos using your Sophos client ID and client secret. It is recommended to create a read-only user account specifically for this integration. Resmo uses API to do the initial polling and collect existing resources. Then, we receive resource changes and updates in real-time through regular polling.

{% hint style="info" %}
**Required API key permissions for integration:**

* View Endpoint
* View Endpoint Policies
* View Health Checks
* View Users
* View Roles
  {% endhint %}

#### Available resources

{% embed url="<https://resources.resmo.com/sophos>" %}

## Integration walkthrough

### How to install

1. Select Sophos on the Integrations page of your Resmo account.
2. Click the Add Integration button at the bottom right corner of the opening modal.

<figure><img src="https://709615783-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FYrzxpMpCQh51K4O99y0o%2Fuploads%2FB5yWuWHB0Ngcrz4ovN9M%2Fadd-sophos.png?alt=media&#x26;token=03b2b933-a7a1-4fb5-b9a6-181503d0340e" alt=""><figcaption></figcaption></figure>

3. Sign in to **Sophos Central Partner** on a new tab, click '**Settings & Policies**', then click the "**API Credentials**" link.&#x20;

<figure><img src="https://709615783-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FYrzxpMpCQh51K4O99y0o%2Fuploads%2F79HurNSC1uKY6ofPHbT0%2Fapi-credentials-sophos.png?alt=media&#x26;token=03fb4875-5f15-4199-82f6-3d5bd693eb2a" alt=""><figcaption></figcaption></figure>

4. Add a new set of credentials with at least read only role and click 'Copy' to note down the client ID and client secret.&#x20;

<figure><img src="https://709615783-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FYrzxpMpCQh51K4O99y0o%2Fuploads%2FSbXvwML21eXG9HHKorTo%2Fapi-credentials-summary.png?alt=media&#x26;token=5934d7d7-a06b-4b90-bb4a-2591c796c82a" alt=""><figcaption></figcaption></figure>

5. Enter the client ID and client secret on the integration screen's respective fields.&#x20;

<figure><img src="https://709615783-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FYrzxpMpCQh51K4O99y0o%2Fuploads%2F6if9TwQApVGWPaTAgMiJ%2Fedit-api.png?alt=media&#x26;token=cd3adb0f-bf1e-44fe-95a4-b83b122c528c" alt=""><figcaption></figcaption></figure>

6. Hit the Create button, and you are ready to run queries.

### How to uninstall

1. Select Sophos on your Integrations page.
2. Navigate to the Connected Integrations tab on the opening modal.
3. Click the Sophos integration you want to uninstall.
4. To temporarily pause the integration, click the **Disable** button from the top right. This way, you can enable it back later. For permanent deletion, click the **Delete** button instead. Note that this action cannot be undone.

<figure><img src="https://709615783-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FYrzxpMpCQh51K4O99y0o%2Fuploads%2F2vHSHchRFRJqebOBssT0%2Fdelete-disable-sophos-integration.png?alt=media&#x26;token=27852b3d-d665-49b1-9a63-540952ac7d5e" alt=""><figcaption></figcaption></figure>