API health status and how it relates to Sophos Central UI health status

Hi,

When I query the endpoints API for health status "bad" no results are returned however there are many servers in Sophos Central that appear with health status "bad" or "medium".  What is the relationship between the API health statuses and the health status in the UI?

In the UI the statuses I see are

Good (a green check mark)

Bad (a red check mark)

Medium (an orange caution mark)

In the API (https://developer.sophos.com/docs/endpoint-v1/1/routes/endpoints/get) I see the options to query for:

bad

good

suspicious

unknown

As a side note, I got no results when I queried for "bad" or "suspicious" with the API but "unknown" appeared to return what I saw in the UI as "bad" and "medium" so I created a script to delete them all (they are old devices that no longer exist).  My script deleted ALL my devices from Central UI (good, bad, medium).  So, apparently, "unknown" in the API = ALL OF MY SERVERS no matter their health status in the Central UI.  Tyvm!

To anyone else reading this post.  Be ware the health status query in the Endpoints API!  It does not align with what you see in the Sophos Central UI!  Test thoroughly!

Parents Reply Children
No Data