Skip to main content

Announcing StackOne Defender: leading open-source prompt injection guard for your agent Read More

Connect

Connectors Agent Auth MCP Connector Builder

Optimize

Tool Discovery Falcon Engine

Secure

Defender
Connectors

HRIS / HCM

Employee Onboarding Employee Offboarding

Recruiting

Application Screening Interview Scheduling

Customer Support

Ticket Triage Voice Call Summarization

Sales & CRM

Deal Risk Scoring Lead Qualification

Accounting & Finance

Invoice Processing Month-End Accruals

Marketing

Campaign Reports Lead Nurture Sequences
View All AI Agent Use Cases

Developers

Docs Changelog Status

Learn

Blog Case Studies Events Partners
Pricing
Login Book Demo Start Free
Connectors Sophos Central
Live 54 Actions

Sophos Central Integration for AI Agents

Connect your AI agent to 54 production-ready Sophos Central actions via MCP, A2A, or SDK — with agent authentication, optimized tool-calling execution, and built-in security.

Start Free Book Demo Sophos Central MCP Server
StackOne
DrataGPLocalyzeFlipMindtoolsScreenloop

Sophos Central AI Agent Actions

54 production-ready actions for your agent to do more on Sophos Central.

Start Free Book a Demo Sophos Central MCP server
54 Actions
List Admins - Retrieve a paginated list of tenant administrators from Sophos Central
Get Admin - Retrieve details of a specific tenant administrator by ID
Create Admin - Promote an existing user to tenant admin with role assignments
Delete Admin - Remove an admin (demote user back to regular user)
Assign Role To Admin - Assign a role of principal type "user" to a tenant admin (overrides any existing assignment)
Revoke Role From Admin - Revoke a role assignment from an admin
List Alerts - Retrieve a paginated list of alerts from Sophos Central
Get Alert - Retrieve details of a specific alert by ID
Act On Alert - Perform an action on a specific alert
Search Alerts - Search alerts using POST body for advanced filtering
List Endpoint Groups - Retrieve a paginated list of endpoint groups
Get Endpoint Group - Retrieve details of a specific endpoint group by ID
Create Endpoint Group - Create a new endpoint group
Update Endpoint Group - Update an endpoint group's name or description
Delete Endpoint Group - Delete an endpoint group (endpoints are not deleted)
List Endpoints In Group - Retrieve all endpoints belonging to a specific endpoint group
Add Endpoints To Group - Add one or more endpoints to an endpoint group
Remove Endpoints From Group - Remove one or more endpoints from an endpoint group
List Endpoints - Retrieve a paginated list of endpoint devices from Sophos Central
Get Endpoint - Retrieve details of a specific endpoint device by ID
Delete Endpoint - Delete an endpoint device from Sophos Central
Trigger Update Check - Force an endpoint to check for agent updates
Get Endpoint Isolation Status - Get network isolation status for a specific endpoint
Get IAM Credentials (Me) - Retrieve the current Sophos Central service principal identity via the whoami endpoint. Returns auth type (service_user) and the tenant/partner/org ID. OAuth scopes are not applicable — Sophos uses role-based access on service principals.
List IAM Groups - List Sophos Central directory user groups mapped to the StackOne IAM unified group schema. Returns id, name, description, and timestamps. Type is pinned to "group" (Sophos has one flat group concept).
Get IAM Group - Retrieve a single Sophos Central directory user group by ID, mapped to the StackOne IAM unified group schema.
List IAM Roles - List all Sophos Central tenant roles (predefined and custom) mapped to the StackOne IAM unified role schema. Returns role name, description, and type synthesized from the role name.
Get IAM Role - Retrieve a single Sophos Central role by ID, mapped to the StackOne IAM unified role schema.
List IAM Users - List Sophos Central directory users mapped to the StackOne IAM unified user schema. Returns identity fields (id, name, email) and timestamps. Roles are not available on the directory endpoint and are intentionally omitted; groups membership is not returned inline.
Get IAM User - Retrieve a single Sophos Central directory user by ID, mapped to the StackOne IAM unified user schema. Supports expand=groups to include group membership inline.
List Policies - Retrieve all security policies configured for the tenant
Get Policy - Retrieve details of a specific policy by ID
Create Policy - Create a new security policy
Update Policy - Update an existing policy's settings, assignments, or metadata
Delete Policy - Delete a security policy
List Roles - Retrieve all tenant roles from Sophos Central
Get Role - Retrieve details of a specific role by ID
List Permission Sets - Retrieve all available permission sets
List User Groups - Retrieve a paginated list of user groups from Sophos Central
Get User Group - Retrieve details of a specific user group by ID
Create User Group - Create a new user group in the Sophos Central directory
Update User Group - Update an existing user group's details
Delete User Group - Delete a user group from the Sophos Central directory
List Users In Group - Retrieve all users belonging to a specific user group
Add Users To Group - Add one or more users to a user group
Remove Users From Group - Remove one or more users from a user group
List Users - Retrieve a paginated list of directory users from Sophos Central
Get User - Retrieve details of a specific directory user by ID
Create User - Create a new user in the Sophos Central directory
Update User - Update an existing directory user's details
Delete User - Delete a user from the Sophos Central directory
List Groups Of User - Retrieve all user groups that a specific user belongs to
Add User To Groups - Add a user to one or more user groups
Remove User From Groups - Remove a user from one or more user groups

Do More, Build Less

Integration Infrastructure for Sophos Central AI Agents

Multiple Interfaces

Access integrations via API, AI SDKs, MCP & A2A.

Sophos Central MCP server
Managed Authentication

Pre-built authentication UI.

Agent auth
Falcon Engine

Every Sophos Central action runs on Falcon.

Agent Execution Engine
StackOne Defender
StackOne Defender Meta PG v1 Meta PG v2 DeBERTa 88.7% 67.5% 63.1% 56.9% Detection accuracy

88.7% prompt injection detection.

Prompt injection defense

"What impressed us most about StackOne is its ambition and clarity. They're creating infrastructure that modern software and the entire AI agent ecosystem can rely on. The depth of secure integrations, the pace of delivery, and the team's foresight into AI's future uniquely position StackOne to redefine this category."

Luna Schmid, Partner at GV

"We've been impressed by how quickly and deeply StackOne integrates with complex enterprise systems -- and now, with their focus on agent-to-agent interoperability, they're unlocking even more powerful use cases for customers. StackOne delivers all of the above in a universal layer -- without compromise."

Barbry McGann, SVP at Workday Ventures

G2 - High Performer G2 - Easiest To Do Business With G2 - Users Love Us G2 - Users Most Likely To Recommend G2 - Easiest Admin

Product Teams Love Building Agent Integrations With StackOne

G2

More AI Agent Integrations Like Sophos Central

Sophos Central Agent Integration Resources

Agentic Context Engineering: Why AI Agents Kill Their Own Context Windows

AI agents exceed their context windows without knowing it. Six failure patterns and seven survival architectures for agentic context engineering.

15 min

MCP Code Mode: Keeping Tool Responses Out of Agent Context

Anthropic's code_execution processes data already in context. Custom MCP code mode keeps raw tool responses in a sandbox. 14K tokens vs 500.

11 min

Comparing BM25, TF-IDF, and Hybrid Search for MCP Tool Discovery

Benchmarking BM25, TF-IDF, and hybrid search for MCP tool discovery across 916 tools. The 80/20 TF-IDF/BM25 hybrid hits 21% Top-1 accuracy in under 1ms.

10 min

Put your AI agents to work

All the tools you need to build and scale AI agent integrations, with best-in-class connectivity, execution, and security.

Start Free Book Demo