Skip to content
Find out how we support MDR.

Thinkst Canary

API

You must have the Network integrations license pack to use this feature.

You can integrate Thinkst Canary with Sophos Central so that it sends data to Sophos for analysis.

This integration is API-based.

The key steps are as follows:

  • Get details of your Canary service.
  • Generate an API token in Canary.
  • Configure an integration in Sophos Central.

Get details of Canary service

You'll need the following details:

  • The base URL for your service. This is in the form https://<org-domain>.canary.tools. You use the Domain Hash in place of <org-domain> to create your unique base URL.
  • An Auth Token.

To get this information, do as follows:

  1. Sign in to your Thinkst Canary Console.
  2. Click the Gear icon, then Global Settings.
  3. Click API and Enable API.
  4. An Auth Token and Domain Hash are created for you.

    Copy these to use later in Sophos Central.

Configure an integration

To integrate Canary with Sophos Central, do as follows:

  1. In Sophos Central, go to Threat Analysis Center > Integrations > Marketplace.
  2. Click Thinkst Canary.

    The Thinkst Canary page opens. You can configure integrations here and see a list of any you've already configured.

  3. In Data Ingest (Security Alerts), click Add Configuration.

    Note

    If this is the first integration you've added, we'll ask for details about your internal domains and IPs. See My domains and IPs.

  4. In Integration steps, you configure an API to collect data from Canary.

    1. Enter a name and a description for the integration.
    2. Create your base URL by adding your Domain Hash in the front of the Canary domain.

      For example if your Domain Hash in the Canary Console is 375hd8af, your base URL is https://375hd8af.canary.tools.

    3. Enter this URL in Base URL.

    4. Enter the Auth Token into Authentication token.
  5. Click Save.

We create the integration and it appears in your list. If the status icon shows Healthy, your data should appear in the Sophos Data Lake after validation.

More information