API Endpoint Health Status Reports

 I have some questions on the reporting we get out of the Sophos Centra API. We are seeing a discrepancy between client health status se see in the web interface and the reports we generate from the API. As an example I have a computer that shows in the web ui critical status, but when we pull a report from the API this computer shows overall health status of good, but with 1 high alert error of real time protection disabled. This seems a bit off that a computer would have a high severity alert but still have a good health status.

Does anyone know of any documentation for what triggers the different health statuses we see in the API reporting vs what we see in the web ui? We are trying to build some automations, but it is difficult with what seems like inconsistent reporting.

Added TAGs
[edited by: Qoosh at 7:25 AM (GMT -7) on 17 Jun 2022]
  • Hi rfrutiger,

    Thanks for reaching out to the Sophos Community Forum. I have moved this post over to the Sophos Central API page for further correspondence. 

    The feedback we received previously from our product teams is as follows. 
    The underlying design differences mean the 2 data sources can vary and that making them both as accurate as we’d like would be a significant piece of work that we don’t currently have planned. We haven’t previously identified a simple improvement that would help when we have looked at this before, but we are discussing again to see if there are any options we have.

    I will follow up with our team and let you know if there are any feature improvements planned for Sophos Central API in the coming months. 

    Kushal Lakhan
    Global Community Support Engineer
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids