/
Setting up ATR for Sophos Central ATR

Setting up ATR for Sophos Central ATR

Mar 17, 2026

In critical situations, when ATR is active, Barracuda XDR can isolate affected network-connected Sophos Central endpoints through the Sophos Central API. To shut down common attacker footholds and reduce containment time, ATR:

  • Limits the host’s network access

  • Isolates devices to contain threats in real time, and

  • Terminates active sessions on the device.

For more information about Automated Threat Response (ATR), see Setting up ATR .

You can exclude individual endpoints from ATR actions by adding a tag of no_atr to the endpoint in Sophos Central.

Setup Requirements 

You must have: 

  • An Enabled Sophos Central Integration in the Barracuda XDR Dashboard

  • Administrator Access to Sophos Central

  • Endpoint(s) Connected to Sophos Central

Create a dedicated user account

Create a privileged user account to enable the API to contain and lift containment on connected endpoints.

Reference Sophos Central

  1. In Sophos Central, navigate to General Settings > API Credentials Management.

  2. Click Add Credential

  3. Provide a credential name.
    NOTE Use a name and description that describe the account's purpose.

  4. Assign the role Service Principal Management to enforce least privilege.

  5. Save the Credential ID and Credential Secret.

Credentials automatically expire every 36 months

To configure ATR in Barracuda XDR Dashboard 

  1. In Barracuda XDR Dashboard, click ATR Settings > Endpoint.

  2. In the Endpoint table, click the Sophos Central row.

  3. Click Edit Config.

  4. In the Edit Config dialog box, paste the Credential ID and Credential Secret created earlier.

  5. Click Save.

We value your feedback.
If you have questions, suggestions, or feedback on our documentation, contact the Campus Product Documentation team.
For general product inquiries or technical support, please contact the global Barracuda Support team.