Advisory: Support Portal Maintenance. Login is currently unavailable, more info available here.
I'm developing an integration between Sophos Central (Endpoint Protection) and another service, and one of the API endpoints I go to is the detected exploits one.
I am able to access the endpoint for listing and getting a single object, but I don't have any objects to parse. Is there a way to create detected exploits to fetch with the API?
Hi Lior Dahan1,
There currently isn't a way to create a dummy entry for parsing of the return data. I will talk to the PM about this and see what we can do. The current only way is to actually generate a detection on the machine.
Snr. New Product Introduction Engineer | CISSP | Sophos Technical SupportSupport Videos | Product Documentation | @SophosSupport | Sign up for SMS AlertsIf a post solves your question use the 'Verify Answer' link.
Thanks for the answer!
If it is impossible to generate a dummy, can you guide me on how to generate a detection even if it's real?
You can use these to have a secure test and trigger an event:
or you search for common ransomware testfiles like "Locky" or "Wannacry" at your own risk. I'm not allowed to share these files directly here as we have to follow the community guidelines. Please be aware that running malicious files could harm your system. Consider using a virtual machine to run them. Don't forget to enable Sophos products on the testing devices and be aware that you've secured your VM environment like networking isolation and disabling Copy&Paste, etc.
IntrususSophos Certified Engineer | Sophos Certified Technician
private lab: XG firewall with SFOS 18.0.3 MR-3Intercept X Advanced (for Server) with EDR EAP latest If a post solves your question use the 'Verify Answer' link
I did run some of the files in the links and they do get picked up as alerts, but whenever I query the detected exploit REST endpoint it is empty.
Detected Exploits are specific to the Intercept X elements and can't be triggered easily. I have reached out to the PM to see if we can provide a solution for this - even if it is dummy seed data into the account. I will keep you advised.