Skip to content
Find out how we support MDR.

Broadcom - Symantec Endpoint Security


Beta integrations are provided " AS IS " and free of charge during the beta phase. All use of beta integrations is at your sole discretion, and any use is subject to Sophos End User Terms of Use.

You can integrate Symantec Endpoint Security with Sophos Central so that it sends data to Sophos for analysis.

This integration is API-based.

The key steps are as follows:

  • Get details of your Symantec Endpoint Security service.
  • Generate a client application in Symantec Endpoint Security.
  • Add an integration in Sophos Central.

Get details of your Symantec Endpoint Security service

You'll need the following details:

  • The base URL for your service
  • A client ID
  • A client secret

You generate the client ID and client secret when you add a client application in Symantec Endpoint Security.

Add a client application

To add a client application, do as follows:

  1. Sign in to the Symantec Endpoint Security console.
  2. Click Integrations > Client Applications.
  3. Click Add.
  4. Enter an application name and click Add.

    The client application details appear. Make a note of the Client ID.

  5. Select the permissions the integration will need. To do this, in the Investigation section, under Incident, select View.

  6. Click Save.
  7. Click the ellipsis (three dots) next to the application and select Client Secret.

    The client application authorization details are shown.

  8. Make a note of the client secret.

    You don’t need to copy the OAuth credentials or create a bearer token. We'll do that for you when you add the integration in Sophos Central.

Configure an integration

To integrate Symantec Endpoint Security with Sophos Central, do as follows:

  1. In Sophos Central, go to Threat Analysis Center > Integrations > Marketplace.
  2. Click Broadcom - Symantec Endpoint Security.

    The Broadcom - Symantec Endpoint Security page opens. You can configure integrations here and see a list of any you've already configured.

  3. In Data Ingest (Security Alerts), click Add Configuration.


    If this is the first integration you've added, we'll ask for details about your internal domains and IPs. See My domains and IPs.

  4. In Integration steps, you configure an API to collect data from Symantec Endpoint Security.

    1. Enter the Integration name and Integration description.
    2. Enter the Base URL.
    3. Enter the following information you found in the Symantec Endpoint Security console:

      • Client ID
      • Client secret
  5. Click Save.

We create the integration and it appears in your list. If its status icon shows a green tick, your data should appear in the Sophos Data Lake after validation.