Skip to content
Find out how we support MDR.

Deploy a VM for integrations

When you integrate some third-party products with Sophos Central, you need a VM to collect data from them and forward it to Sophos.

After you've configured and downloaded an OVA for the integration, deploy it as described below. Then you can configure the third-party product to send data to it.


The OVA file is verified with Sophos Central, so it can only be used once. After it's been deployed, it can't be used again.

If you have to deploy a new VM, you must recreate the OVA file in Sophos Central. Go to Threat Analysis Center and add the integration again.

On your ESXi host, do as follows:

  1. Select Virtual Machines.
  2. Click Create/Register VM.

    Create/Register VM tab

  3. In Select creation type, select Deploy a virtual machine from an OVF or OVA file. Click Next.

    Select creation type

  4. In Select OVF and VMDK files, do as follows:

    1. Enter the VM name.
    2. Click the page to select files. Select the OVA file you've downloaded.
    3. Click Next.

    Select OVA file

  5. In Select storage, select Standard. Click Next.

    Select storage

  6. In Deployment options, in SYSLOG enter the address that the third-party product will send data to. Click Next.

    Deployment options

  7. Skip the Additional settings step.

  8. Click Finish. Wait for the new VM to appear in the VMs list. This can take a few minutes.

    Ready to complete

  9. Power on the VM and wait for installation to complete. This can take up to 10 minutes.

  10. In Sophos Central, go to the Integrations page for the product you're integrating and refresh it. The VM's status is now Connected.

    Integration status