Thread Info
  • State Suggested Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 6 replies
  • Answers 1 answer
  • Subscribers 15 subscribers
  • Views 13470 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Central API to get Status

Chris Harland

Are there any API calls I can make that would retrieve asset status.  I'd like to automate a pull of assets and asset metadata, including protection status, last logged in user and last central activity of those assets to compare with other asset registers.  The API seems more event focussed, which is transient data, I am more interested in state data, some of which is influenced by event data.

This would help with licensing and gap analysis. 



This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to Haridoss Sreenivasan

    Thanks for your reply but I don't see the answers I was looking for.  

     

    The API documentation is all around SIEM integration, which is basically an event feed.  I am not currently looking for an event feed, I'm looking for data such as how many devices we have which are in an unprotected state, (known by sophos and not known by sophos which would come from correlation with feeds from another product), so what I need is an asset register export from Sophos, which can be done via the interface.

    I'm also interested in pulling other reports via the API from the reporting system, which we could of course do by collecting all the SIEM data and generating reports based on that, but its a much larger job than if we could just get reporting data direct from the API.

  • 0 in reply to Chris Harland

    Hi Chris, 

    In this case, I suggest you to login to Partner Portal to manage the subscriptions.

    Haridoss Sreenivasan
    Technical Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • 0 in reply to Chris Harland

    I have been after similar functionality.

    I have written script sto extract soem data from the API and poupalte a local DB, which I then query for Monthly useage reports.

    My latest issue is not being able to enumerate users though, and I am struggling to find a solution :(

  • 0 in reply to Haridoss Sreenivasan

    We're also in need of a way to retrieve current status on various elements in Sophos Central. The CSV file available in the Alerts page in Sophos Central is a good example of status/information that would be useful for external monitoring software.

    Are there any future plans for implementing this in the API?

  • 0 in reply to Irios

    I agree with all of the above and actually created a feature request for this some time ago.

     

    We absolutely need some way to directly query the status of a device via REST. Aggregating the SIEM output is fine, but does not solve the same need.

     

    The feature request is here: ideas.sophos.com/.../17968792-increased-api-functionality

Unfiltered HTML