This Splunk App leverages the Sophos Central API to collect events and alert notifications from registered endpoints and devices.
The application provides an overview dashboard and fields conforming to CIM 4.8 Malware_*.
You will need to obtain an API key from your Sophos Central account. On first run, the setup screen will prompt you to configure the app with your account details.
See https://github.com/nickhills81/sophos_central/blob/master/README.md for details on obtaining your credentials.
About Sophos Central
Sophos Central is a web-hosted solution that offers protection for users across all their devices and for servers. It is the tool that lets administrators manage protection, enforce policies, take action against threats, and generate reports.