3CX DLL-Sideloading attack: What you need to know
Are there any plans on the roadmap to expose (possibly read-only) data about individual protection policies for each tenant?
Things like scheduled scan date, per-policy exclusions, computer/group scoping, etc.
Hi,
I'm sorry but I am not sure what you are requesting here. Are you asking for an API path where you give a TenantID and get back all the policies that have been created in that tenant with a list of machines it is assigned to?
Right now, you can pull out the policy information on a per machine basis with the paths in the Endpoint API. Is that the information you are looking for?
RichardP
Program Manager, Support Readiness | CISSP | Sophos Technical SupportSupport Videos | Product Documentation | @SophosSupport | Sign up for SMS AlertsIf a post solves your question use the 'Verify Answer' link.
Bumping this since its been almost two weeks since I responded.
yes, that is the official channel.
Hello Trevor and Skylar, I can shed some light on our plans for policy based APIs. If I were to classify the requests here, it looks like we have two requests.
At current, we do not have plans for reporting API, however recognize this functionality is important to our customer base and are actively discussing what a full suite of reporting APIs and functionality would look like, and where it would fall on our backlog.
Now, for some good new! We are currently in active development on a full set of policy management APIs at the tenant level, which are currently due to release early in the first quarter of the 2021 calendar year. This will include functionality for policy retrieval and management across:
Initial release will cover the ability to:
Woohoo!
Thank you for the update and info, I can't wait to see the new endpoints when they become available.
Hi Trevor, just to be clear, these aren't enhancements to the Endpoint APIs, they are policy API's at the tenant level, that will cover retrieval and update of endpoint policy functions.
Yeah, I would expect they'd land in the Common or Tenant API?
I have been tracking the new Central API docs pretty closely as I've been working on a C# library for building some reporting and "quality of life" tools. Simple stuff like quickly pulling endpoint Tamper Protection codes, ad-hoc start a scan, etc. As well as hopefully finishing up a SIEM exporter based on the new Alert endpoint(s) in the Common API.
This is great information, we always love to hear what our partners and customers are building with our APIs. If you're interested in an extended conversation around what's coming and for us to also get some feedback from you, please feel free to ping me via direct message and we can set up a chat in the new year.
Can someone please let me know if this feature was implemented? I don't see this functionality in the API documentation and we are past the estimated release timeframe. Thanks
Hi Matthew, Unfortunately, as is often the case in the product management world, we did have to pause the Policy management API development as an emergency high priority item came in this summer that we had to shift the teams to work on. We are planning on resuming this initiative toward the end of the year, but I don't have any better dates I can provide for you at this time.
is there any update?As there is no option to ex-/import exclusions via GUI, I want to use the API to import often used exclusions for servers e. g.
Thank you.
No worries, take as much time as you need. Will be a really great API toolset to have once it's finished.