Getting Started with the Cloud Optix API Using Postman

 

1. Enable API on your Sophos Cloud Optix Account

  • Go to https://optix.sophos.com/
  • Settings → Integrations → Sophos Cloud Optix
    • Generate new key
    • Select expiry date (6 months, 1 year or Never)
    • Save
  • The API key will be downloaded as a text file

2. Download and install the latest version of Postman for your OS

3. Authentication/Authorization

  • Open Postman
  • File → New Tab

  • In the "Authorization" pane, select "None" or "Inherit auth from parent"

  • In the "Headers" pane, set a header with the following key-value pair:
    • Key: Authorization
    • Value: ApiKey <API_KEY_VALUE>

  • Click on "Send" to submit the request

  • The response should be displayed in the body section below

4. API Examples

a. GET - Alert Count Example

  • The number of alerts will be shown in the "Body" section below

  • To filter the response, add query parameters. For example, the parameter below returns a count of suppressed alerts only (the full list of parameters can be found in the API documentation)
    • PARAMS
      • Key: states
      • Value: SUPPRESS
    • Click on "Send"
    • The response will be displayed in the "Body" section below

  • PARAMS (the example below will show a filtered list of Azure alerts that are related to the CIS benchmark)
    • Key: providerList
    • Value: Azure
    • Key: policyTagList
    • Value: CIS
  • Click on "Send"
  • The response will be displayed in the "Body" section below

b. GET - Alerts Example

c. POST - IP Whitelist Example

{
  "accountIds": null,
  "data": {
    "ips": [
      "1.1.1.1",
      "2.2.2.2"
    ]
  }
}
  • Click on "Send"

  • You should see no errors in the response in the "Body" section

  • You can verify in the Sophos Optix console under Settings → IP whitelist
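
The requests from steps 3 and 4, built in Python instead of Postman, as an added example that is not part of the original page or Sophos's own code. The host and endpoint paths are placeholders because the page does not state them, the function names are hypothetical, and accepting only single IP addresses in the whitelist body is an assumption based on example c.

```python
import ipaddress
import json
import urllib.parse
import urllib.request

# Placeholders: the page does not give the API host or endpoint paths.
BASE_URL = "https://optix-api.invalid"
ALERT_COUNT_PATH = "/PLACEHOLDER/alert-count"
IP_WHITELIST_PATH = "/PLACEHOLDER/ip-whitelist"


def auth_headers(api_key):
    """Header from step 3; whitespace or CR/LF in the key is rejected."""
    if not api_key or any(c.isspace() for c in api_key):
        raise ValueError("API key must be one token with no whitespace")
    return {"Authorization": "ApiKey " + api_key}


def alert_count_request(api_key, **params):
    """GET with optional query parameters, e.g. states=SUPPRESS."""
    url = BASE_URL + ALERT_COUNT_PATH
    if params:
        url += "?" + urllib.parse.urlencode(params)
    return urllib.request.Request(url, headers=auth_headers(api_key), method="GET")


def ip_whitelist_request(api_key, ips):
    """POST with the body shape from example c; single IP addresses only."""
    checked = [str(ipaddress.ip_address(ip)) for ip in ips]  # ValueError if invalid
    body = {"accountIds": None, "data": {"ips": checked}}
    headers = dict(auth_headers(api_key), **{"Content-Type": "application/json"})
    return urllib.request.Request(BASE_URL + IP_WHITELIST_PATH, method="POST",
                                  data=json.dumps(body).encode("utf-8"), headers=headers)


def redacted(req):
    """Request headers with the API key masked, safe to print or log."""
    return {k: ("ApiKey ****" if k.lower() == "authorization" else v)
            for k, v in req.header_items()}


if __name__ == "__main__":
    key = "CONSTRUCTED-SAMPLE-KEY"  # constructed value, not a real key
    for req in (alert_count_request(key, states="SUPPRESS"),
                alert_count_request(key, providerList="Azure", policyTagList="CIS"),
                ip_whitelist_request(key, ["1.1.1.1", "2.2.2.2"])):
        print(req.get_method(), req.full_url, redacted(req))
```

The functions only build the requests; once the placeholders are replaced with the values from the API documentation, each one can be sent with urllib.request.urlopen(req).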