Skip to content
Find out how we support MDR.

Thinkst Canary

API

Identifies potential bad actors with access to your network.

This integration is API-based.

The key steps are as follows:

  • Get details of your Canary service.
  • Generate an API token in Canary.
  • Add an integration in Sophos Central.

Get details of Canary service

You'll need the following details:

  • The base URL for your service. This is in the form https://<org-domain>.canary.tools. You use the Domain Hash in place of <org-domain> to create your unique base URL.
  • An Auth Token.

To get this information, do as follows:

  1. Sign in to your Thinkst Canary Console.
  2. Click the Gear icon, then Global Settings.
  3. Click API and Enable API.
  4. An Auth Token and Domain Hash are created for you.

    Copy these to use later in Sophos Central.

Add an integration

To integrate Canary with Sophos Central, do as follows:

  1. In Sophos Central, go to Threat Analysis Center and click Integrations.
  2. Click Thinkst Canary.

    If you've already set up integrations of this type, you see them here.

  3. Click Add integration.

    Note

    If this is the first integration you've added, we'll ask for details about your internal domains and IPs. See My domains and IPs.

  4. In Integration steps, you configure an API to collect data from Canary.

    1. Enter a name and a description for the integration.
    2. Create your base URL by adding your Domain Hash in the front of the Canary domain.

      For example if your Domain Hash in the Canary Console is 375hd8af, your base URL is https://375hd8af.canary.tools.

    3. Enter this URL in Base URL.

    4. Enter the Auth Token into Authentication token.
  5. Click Save.

We create the integration and it appears in your list.

If your integration shows as Connected, your data should appear in the Sophos Data Lake after validation.

More information