Thread Info
  • State Verified Answer
  • Replies 7 replies
  • Subscribers 6 subscribers
  • Views 10030 views
  • Users 0 members are here
Options
Suggested

Query Endpoint by Hostname

Beth Johnson

How do I build an endpoint query by hostname match?

I'm trying to figure out how to query Central via API, specifying the hostname of the device.

This seems possible according to the documentation: https://developer.sophos.com/docs/endpoint-v1/1/routes/endpoints/get

However, when I try to construct a query in the tool using any criteria, no code result is shown, just a blank page (using Safari 14.0.3). See below.

I successfully built a query to return a specific fields using the /endpoints/{endpointID} portion of the tool, here: https://developer.sophos.com/docs/endpoint-v1/1/routes/endpoints/%7BendpointId%7D/get

How do I build an endpoint query by hostname match?

Parents
  • FormerMember
    0 FormerMember

    to clarify - you want the query to the api to provide an endpoint's hostname and the api to only return data for that hostname regardless of the endpoint ID?

    In other words, I have hostname (MyComputer) that has endpointID (555444555444) and you want to send in MyComputer and get the data from the record 555444555444?

  • 0 in reply to FormerMember

    That's correct. I want to be able to pull a given computer's record from Sophos Central when I know the name but not the endpointID.

  • FormerMember
    0 FormerMember in reply to Beth Johnson

    A generic search API that will include the ability to search endpoints by name has been requested and scoped, however it has not yet made it on the backlog.

    We continue to monitor the demand of this request and will prioritize appropriately.

    If this functionality is implemented - we will update the API documentation page.

  • 0 in reply to Beth Johnson

    Hi Beth, I apologize for the confusion.  I was the source of the response original posted by Richard above.  I believe perhaps I misunderstood the intention of your original question.  Please allow me to clarify.

    Yes, the search and filter parameters in the Endpoints API are functional.  My answer was related to the assumption that you may be trying to run a search of endpoints by name across multiple tenants not within a single tenant.  If that was the case it's something we are currently looking at but is not yet on the roadmap.

    If your are looking to run this search within a single tenant, please confirm and I can dig up a sample for you or perhaps a script.  I would just caution however that this process does tend to break down a bit if your use case is indeed across multiple tenants and if there are a significant number of endpoints and tenants, you would need to parse each tenant first, and then endpoints for those tenants, then identify the endpoints by name.  

    What we've seen arise from other attempts to do this is this will typically start to hit our throttling APIs based on the number of calls required to complete the workflow, hence sparking our internal conversations to possibly provide a search across tenants API, which as I clarified earlier, is not yet on the roadmap. 

    I hope that helps clarify and eliminate the confusion.  Please do just confirm back to me your use case and I'm happy to suggest suggestions based on your environment structure.

Reply
  • 0 in reply to Beth Johnson

    Hi Beth, I apologize for the confusion.  I was the source of the response original posted by Richard above.  I believe perhaps I misunderstood the intention of your original question.  Please allow me to clarify.

    Yes, the search and filter parameters in the Endpoints API are functional.  My answer was related to the assumption that you may be trying to run a search of endpoints by name across multiple tenants not within a single tenant.  If that was the case it's something we are currently looking at but is not yet on the roadmap.

    If your are looking to run this search within a single tenant, please confirm and I can dig up a sample for you or perhaps a script.  I would just caution however that this process does tend to break down a bit if your use case is indeed across multiple tenants and if there are a significant number of endpoints and tenants, you would need to parse each tenant first, and then endpoints for those tenants, then identify the endpoints by name.  

    What we've seen arise from other attempts to do this is this will typically start to hit our throttling APIs based on the number of calls required to complete the workflow, hence sparking our internal conversations to possibly provide a search across tenants API, which as I clarified earlier, is not yet on the roadmap. 

    I hope that helps clarify and eliminate the confusion.  Please do just confirm back to me your use case and I'm happy to suggest suggestions based on your environment structure.

Children
Unfiltered HTML