You must have the "Network" integrations license pack to use this feature.
You can integrate Thinkst Canary with Sophos Central so that it sends data to Sophos for analysis.
This integration is API-based.
The key steps are as follows:
- Get details of your Canary service.
- Generate an API token in Canary.
- Add an integration in Sophos Central.
Get details of Canary service
You'll need the following details:
- The base URL for your service. This is in the form
https://<org-domain>.canary.tools. You use the Domain Hash in place of
<org-domain>to create your unique base URL.
- An Auth Token.
To get this information, do as follows:
- Sign in to your Thinkst Canary Console.
- Click the Gear icon, then Global Settings.
- Click API and Enable API.
An Auth Token and Domain Hash are created for you.
Copy these to use later in Sophos Central.
Add an integration
To integrate Canary with Sophos Central, do as follows:
- In Sophos Central, go to Threat Analysis Center and click Integrations.
Click Thinkst Canary.
If you've already set up integrations of this type, you see them here.
If this is the first integration you've added, we'll ask for details about your internal domains and IPs. See My domains and IPs.
In Integration steps, you configure an API to collect data from Canary.
- Enter a name and a description for the integration.
Create your base URL by adding your Domain Hash in the front of the Canary domain.
For example if your Domain Hash in the Canary Console is
375hd8af, your base URL is
Enter this URL in Base URL.
- Enter the Auth Token into Authentication token.
We create the integration and it appears in your list.
If your integration shows as Connected, your data should appear in the Sophos Data Lake after validation.