Armis integration
You can integrate Armis with Sophos Central so that it sends alerts to Sophos for analysis.
This page gives you an overview of the integration.
Armis product overview
Armis is an asset intelligence and security platform that provides visibility and security for all connected devices, including IoT, OT, and medical devices. It helps organizations discover, monitor, and secure their entire asset landscape, reducing cyber risk and ensuring operational resilience.
Sophos documents
What we ingest
Sample alerts seen by Sophos:
Vulnerable Device Detected - Windows VERSION Vulnerable to EternalBlue
Alerts ingested in full
[
{
"dateAdded": "2025-03-27T15:19:47.895Z",
"alertType": "Vulnerable Device Detected - Windows VERSION Vulnerable to EternalBlue",
"threatId": "T1021.002",
"threatName": "SMB/Windows Admin Shares",
"threatType": "",
"threatLevel": "",
"comment": "",
"mitreAtt&ckVersion": "v8"
}
]
Filtering
We filter only to confirm data returned is in the correct format. We don't drop any alerts.
Sample threat mappings
{"alertType": "Vulnerable Device Detected - Windows VERSION Vulnerable to EternalBlue", "threatId": "T1021.002", "threatName": "SMB/Windows Admin Shares"}