Skip to content
Find out how we support MDR.

Integrate AppOmni

You must have the Public Cloud integrations license pack to use this feature.

You can integrate AppOmni with Sophos Central so that it sends data to Sophos for analysis.

This is an API integration. You need an API token from AppOmni.

The key steps are as follows:

  • Get an API token and base URL from AppOmni. The API token is the "Access Token".
  • Configure an integration in Sophos Central.

Get an API token and base URL

To get the API token, do as follows:

  1. In your AppOmni instance, go to Settings > API Settings.
  2. Click + Add Application.

    1. Name the application "Sophos Connection".
    2. Add a description.
  3. Click Create new OAuth application.

  4. In the Actions column, click the three dots and select Manage Tokens.
  5. Click + OAuth Token in the upper-right corner of the page.
  6. Set the Expiry date.

    1. Choose an expiry date 5 years from today.
    2. Add a short description.
  7. Click Save.

  8. Copy the Access Token and the Refresh Token and store them securely.

Now look up your AppOmni base URL.

To form the base URL, AppOmni add the instance name, which is usually your organization name, to the URL, like this: https://<your-organization>.appomni.com.

Configure an integration

To integrate AppOmni with Sophos Central, do as follows:

  1. In Sophos Central, go to Threat Analysis Center > Integrations > Marketplace.
  2. Click AppOmni.

    The AppOmni page opens. You can configure integrations here and see a list of any you've already configured.

  3. In Data Ingest (Security Alerts), click Add Configuration.

    Note

    If this is the first integration you've added, we'll ask for details about your internal domains and IPs. See Provide your domain and IP details.

  4. In Integration steps, do as follows:

    1. Enter a name and a description for the integration.
    2. Enter the Base URL you looked up earlier.
    3. Enter the API token.
    4. Click Save.

We create the integration and it appears in your list. If the status icon shows Healthy, your data should appear in the Sophos Data Lake after validation.