Sophos

The CrowdSec Sophos integration connects CrowdSec's hosted blocklist endpoint to your Sophos firewall.
Sophos calls this feature Third-Party Threat Feeds, which enable you to integrate external sources of IP addresses, domains, and URLs involved in threat activity.

Ensure your Sophos device supports Third-Party Threat Feeds.
The vendor documentation is available in the References section below.

Create a Sophos Integration Endpoint

1- Create an integration
2- Remediation Component
3- Save your credentials
4- Subscribe to blocklists

Step 1 — Create an integration in the CrowdSec Console

In your CrowdSec Console account, navigate to the Blocklist tab in the top menu bar, then select the Integrations sub-menu. Choose the integration type you need, then click Connect.

If you don't have a CrowdSec Console account, sign up here. On mobile, use the menu icon in the top-right corner, tap Blocklist, then Integrations.

Step 3 — Copy your credentials

The credentials shown next are displayed only once. Copy them before closing this screen. If you lose your credentials, you can regenerate them via Configure → Regenerate Credentials on the integration page.

With this HTTPS endpoint and Basic Auth credentials, you can verify the endpoint with any HTTP client, for example:

curl -u 'usr:pass' https://admin.api.crowdsec.net/v1/integrations/$integID/content

Raw IP List Integration Credentials Screen

Manage integration size limits with pagination

If you want to learn how to manage integration size limits with pagination, please refer to the Managing integrations size limits with pagination section.

References

Next Steps

Subscribe to blocklists in the Blocklist Catalog to populate your integration.

Create a Sophos Integration Endpoint​

Step 1 — Create an integration in the CrowdSec Console​

Step 2 — Fill in integration details​

Step 3 — Copy your credentials​

Step 4 — Subscribe to Blocklists​

Manage integration size limits with pagination​

References​

Next Steps​