Sophos is taking the next step toward putting auto-response capabilities in the hands of our partners and customers. With the latest Sophos Central API release, you can now programmatically isolate infected machines from your network, ultimately achieving the fastest possible response to an outbreak.
For complete details, see our What’s New post in our developer portal, as well as the individual APIs as linked below:
- Endpoint Isolation – Ability to remove an endpoint from the network and restore it when the threat has been cleared
- Isolation Exclusions – Ability to allow certain critical applications to continue to run over specified ports regardless of device isolation
- Endpoint Query – Query for all isolated endpoints, or receive isolation status of a single endpoint
  - All isolated endpoints
    - ?isolationStatus=(isolated/notIsolated)
  - Isolation status of a single endpoint
    - isolation
      - status : (isolated/notIsolated)