Skip to content
Find out how we support MDR.

Acronis integration

You can integrate Acronis Cyber Protect with Sophos Central so that it sends alerts to Sophos for analysis.

This page gives you an overview of the integration.

Acronis product overview

Acronis Cyber Protect is an integrated cybersecurity and data protection service. The tool has a unified security approach by combining advanced backup capabilities with proactive cybersecurity measures. It helps ensure swift recovery and continuity of operations, effectively mitigating the impact of data breaches, ransomware attacks, and system failures on business activities.

Sophos documents

Integrate Acronis Cyber Protect

What we ingest

Sample alerts seen by Sophos:

  • BackupFinishedWithWarnings
  • ProtectionServiceNotWorking
  • MaliciousEmailDetectedPerceptionPointWarning
  • BackupNotResponding
  • MaliciousUrlBlocked

We also ingest many other standard alert types.

Alerts ingested in full

We ingest everything from the Acronis Alerts endpoint /api/alert_manager/v1/alerts.

We then enrich all alerts with further details from the resources endpoint /api/resource_management/v4/resources.

Filtering

We filter only to confirm data returned is in the correct format.

Sample threat mappings

{"alertType": "BackupFinishedWithWarnings", "threatId": "T1490", "threatName": "Inhibit System Recovery"}
{"alertType": "ProtectionServiceNotWorking", "threatId": "T1562.001", "threatName": "Disable or Modify Tools"}
{"alertType": "MaliciousEmailDetectedPerceptionPointWarning", "threatId": "T1566", "threatName": "Phishing"}
{"alertType": "BackupNotResponding", "threatId": "T1490", "threatName": "Inhibit System Recovery"}
{"alertType": "MaliciousUrlBlocked", "threatId": "T1566", "threatName": "Phishing"}

Vendor documentation

Creating an API client