Getting Started with Cloud Optix API using cURL

 

1. Enable API on your Sophos Cloud Optix Account

  • Go to https://optix.sophos.com/
  • Settings → Integrations → Sophos Cloud Optix
    • Generate new key
    • Select expiry date (6 months, 1 year or Never)
    • Save
  • The API key will be downloaded as a text file

2. Authentication/Authorization

Every request carries the API key in an Authorization header, using the ApiKey scheme:

curl -X GET \
  https://optix.sophos.com/.../whitelistIPs \
  -H 'Authorization: ApiKey <API_KEY>'
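
Added example, not part of the original page: a key typed into the -H argument ends up in shell history and is visible in the process list while curl runs, so this sketch reads it from the downloaded key file and passes it with -H @file (curl 7.55.0 or later). It assumes the file holds only the key on its first line; optix_header_file and optix_get are hypothetical helper names, and the URL is supplied by the caller.

```shell
#!/bin/sh
# Added example, not from the original page.
# Assumptions: the downloaded key file holds only the key, on its first line;
# the endpoint URL is passed in by the caller (the page elides the full path).

# Write "Authorization: ApiKey <key>" to a private temp file and print its path.
# Refuses key files that group or others can access.
optix_header_file() {
  keyfile=$1
  [ -f "$keyfile" ] || { echo "no such key file: $keyfile" >&2; return 1; }
  perms=$(ls -ld "$keyfile" | cut -c5-10)   # group/other permission bits
  if [ "$perms" != "------" ]; then
    echo "refusing $keyfile: group/other bits are '$perms', chmod 600 it" >&2
    return 1
  fi
  key=$(head -n 1 "$keyfile" | tr -d ' \t\r\n')
  [ -n "$key" ] || { echo "key file is empty: $keyfile" >&2; return 1; }
  hdr=$(mktemp) || return 1                 # mktemp creates the file mode 0600
  printf 'Authorization: ApiKey %s\n' "$key" > "$hdr"
  printf '%s\n' "$hdr"
}

# GET a URL with the key supplied via -H @file, HTTPS only.
# Usage: optix_get /path/to/keyfile 'https://optix.sophos.com/.../count'
optix_get() {
  hdr=$(optix_header_file "$1") || return 1
  curl -sS --proto '=https' -X GET "$2" -H @"$hdr"
  rc=$?
  rm -f "$hdr"
  return "$rc"
}
```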

3. API Examples

a. GET - Alert Count Example

  • The example below gets the unfiltered alert count in Optix
curl -X GET \
  https://optix.sophos.com/.../count \
  -H 'Authorization: ApiKey <API_KEY>'
  • The example below gets a filtered list of suppressed alerts in Optix
curl -X GET \
  'https://optix.sophos.com/.../count' \
  -H 'Authorization: ApiKey <API_KEY>'
  • The example below gives a filtered list of Azure CIS alerts on Optix
curl -X GET \
  'https://optix.sophos.com/.../count' \
  -H 'Authorization: ApiKey <API_KEY>'

 

b. GET - Alerts Example

  • The example below returns one alert from the first page of alerts in Optix
curl -X GET \
  'https://optix.sophos.com/.../alerts' \
  -H 'Authorization: ApiKey <API_KEY>'

 

c. POST - IP Whitelist Example

  • The example below shows how to add an IP whitelist to Optix using data supplied directly on the command line
curl -X POST \
  https://optix.sophos.com/.../whitelistIPs \
  -H 'Authorization: ApiKey <API_KEY>' \
  -H 'Content-Type: application/json' \
  -d '{
  "accountIds": null,
  "data": {
    "ips": [
      "2.2.2.2",
      "3.3.3.3"
    ]
  }
}'

 

d. POST - IP Whitelist Example (using JSON file)

  • The example below shows how to add an IP whitelist to Optix using data supplied in a JSON file
# Create a JSON file with the following content
{
  "accountIds": null,
  "data": {
    "ips": [
      "2.2.2.2",
      "3.3.3.3"
    ]
  }
}

# Post the request and reference the JSON file, e.g. if the file is called "ipwhitelist.json":

curl -X POST \
  https://optix.sophos.com/.../whitelistIPs \
  -H 'Authorization: ApiKey <API_KEY>' \
  -H 'Content-Type: application/json' \
  -d @ipwhitelist.json