1. Enable the API on your Sophos Cloud Optix account
2. Download and install the latest version of Postman for your OS
3. Authentication/Authorization
- Open Postman
- File → New Tab
- Select "GET" and enter the URI of an Optix API endpoint, e.g. https://optix.sophos.com/api/v1/whitelistIPs
- In the "Authorization" pane, select "None" or "Inherit auth from parent"
- In the "Headers" pane, set a header with the following key-value pair
- Key: Authorization
- Value: ApiKey <API_KEY_VALUE>
- Click on "Send" to submit the request
- The response should be displayed in the body section below
4. API Examples
a. GET - Alert Count Example
- Method: GET
- URI: https://optix.sophos.com/api/v1/alerts/count
- HEADERS
- Key: Authorization
- Value: ApiKey <API_KEY_VALUE>
- Click on "Send"
- The number of alerts will be shown in the "Body" section below
- To filter the response, add parameters. For example, the parameter below returns a count of suppressed alerts only (the full list of parameters can be found in the API documentation)
- PARAMS
- Key: states
- Value: SUPPRESS
- Click on "Send"
- The response will be displayed in the "Body" section below
- PARAMS (The example below will show a filtered list of Azure alerts that are related to the CIS benchmark)
- Key: providerList
- Value: Azure
- Key: policyTagList
- Value: CIS
- Click on "Send"
- The response will be displayed in the "Body" section below
b. GET - Alerts Example
- Method: GET
- URI: https://optix.sophos.com/api/v1/alerts
- HEADERS
- Key: Authorization
- Value: ApiKey <API_KEY_VALUE>
- PARAMS
- Key: page
- Value: 1
- Key: size
- Value: 1
- Click on "Send"
c. POST - IP Whitelist Example
- Method: POST
- URI: https://optix.sophos.com/api/v1/whitelistIPs
- HEADERS
- Key: Authorization
- Value: ApiKey <API_KEY_VALUE>
- BODY
- RAW
- JSON (application/json)
- Paste the following:
{ "accountIds": null, "data": { "ips": [ "1.1.1.1", "2.2.2.2" ] } }
- Click on "Send"
- You should see no errors in the response in the "Body" section
- You can verify in the Sophos Optix console under Settings → IP whitelist
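
The same requests can be scripted instead of sent from Postman. The Python sketch below is an added example, not Sophos code: it builds the requests shown above with the "Authorization: ApiKey" header, reads the key from an environment variable (OPTIX_API_KEY, an assumed name) so it stays out of source files, and validates each address before it goes into the whitelist body. The function names and the address checks are additions made here, not part of the Optix API.

```python
import ipaddress
import json
import os
import urllib.parse
import urllib.request

BASE = "https://optix.sophos.com/api/v1"


def build_request(path, api_key, params=None, body=None):
    """Build (not send) a request; urllib uses GET without a body, POST with one."""
    if not api_key or "\r" in api_key or "\n" in api_key:
        raise ValueError("API key is empty or contains line breaks")
    url = f"{BASE}/{path.lstrip('/')}"
    if params:
        url += "?" + urllib.parse.urlencode(params)
    headers = {"Authorization": f"ApiKey {api_key}"}
    data = None
    if body is not None:
        data = json.dumps(body).encode("utf-8")
        headers["Content-Type"] = "application/json"
    return urllib.request.Request(url, data=data, headers=headers)


def whitelist_body(ips, account_ids=None):
    """Body for POST /whitelistIPs; rejects malformed or unspecified addresses."""
    checked = []
    for ip in ips:
        addr = ipaddress.ip_address(ip.strip())  # raises ValueError on bad input
        if addr.is_unspecified:
            raise ValueError(f"refusing unspecified address: {ip}")
        checked.append(str(addr))
    return {"accountIds": account_ids, "data": {"ips": checked}}


def send(req, timeout=30):
    """Send over HTTPS with urllib's default certificate verification."""
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.status, resp.read().decode("utf-8")


if __name__ == "__main__":
    key = os.environ["OPTIX_API_KEY"]  # assumed variable name
    print(send(build_request("alerts/count", key, {"states": "SUPPRESS"})))
    cis = {"providerList": "Azure", "policyTagList": "CIS"}
    print(send(build_request("alerts/count", key, cis)))
    print(send(build_request("alerts", key, {"page": 1, "size": 1})))
    # The POST changes the IP whitelist, so it is left commented out:
    # send(build_request("whitelistIPs", key, body=whitelist_body(["1.1.1.1"])))
```

Run it with the key exported in the shell session only, and confirm any whitelist change in the console under Settings → IP whitelist as in step 4c.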