Hi,
When I query the endpoints API for health status "bad" no results are returned however there are many servers in Sophos Central that appear with health status "bad" or "medium". What is the relationship between the API health statuses and the health status in the UI?
In the UI the statuses I see are
Good (a green check mark)
Bad (a red check mark)
Medium (an orange caution mark)
In the API (https://developer.sophos.com/docs/endpoint-v1/1/routes/endpoints/get) I see the options to query for:
bad
good
suspicious
unknown
As a side note, I got no results when I queried for "bad" or "suspicious" with the API but "unknown" appeared to return what I saw in the UI as "bad" and "medium" so I created a script to delete them all (they are old devices that no longer exist). My script deleted ALL my devices from Central UI (good, bad, medium). So, apparently, "unknown" in the API = ALL OF MY SERVERS no matter their health status in the Central UI. Tyvm!
To anyone else reading this post. Be ware the health status query in the Endpoints API! It does not align with what you see in the Sophos Central UI! Test thoroughly!
