Skip to content
Find out how we support MDR.

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/central/customer/help/en-us/index.html?contextId=armis-overview

Armis integration

API Network

You can integrate Armis with Sophos Central so that it sends alerts to Sophos for analysis.

This page gives you an overview of the integration.

Armis product overview

Armis is an asset intelligence and security platform that provides visibility and security for all connected devices, including IoT, OT, and medical devices. It helps organizations discover, monitor, and secure their entire asset landscape, reducing cyber risk and ensuring operational resilience.

Sophos documents

Integrate Armis

What we ingest

Sample alerts seen by Sophos:

Vulnerable Device Detected - Windows VERSION Vulnerable to EternalBlue

Alerts ingested in full

[
  {
    "dateAdded": "2025-03-27T15:19:47.895Z",
    "alertType": "Vulnerable Device Detected - Windows VERSION Vulnerable to EternalBlue",
    "threatId": "T1021.002",
    "threatName": "SMB/Windows Admin Shares",
    "threatType": "",
    "threatLevel": "",
    "comment": "",
    "mitreAtt&ckVersion": "v8"
  }
]

Filtering

We filter only to confirm data returned is in the correct format. We don't drop any alerts.

Sample threat mappings

{"alertType": "Vulnerable Device Detected - Windows VERSION Vulnerable to EternalBlue", "threatId": "T1021.002", "threatName": "SMB/Windows Admin Shares"}