I have some questions on the reporting we get out of the Sophos Central API. We are seeing a discrepancy between the client health status we see in the web interface and the reports we generate from the API. As an example, I have a computer that shows critical status in the web UI, but when we pull a report from the API this computer shows an overall health status of good, but with 1 high alert error of real time protection disabled. This seems a bit off that a computer would have a high severity alert but still have a good health status.
Does anyone know of any documentation for what triggers the different health statuses we see in the API reporting vs what we see in the web UI? We are trying to build some automations, but it is difficult with what seems like inconsistent reporting.
Thanks for reaching out to the Sophos Community Forum. I have moved this post over to the Sophos Central API page for further correspondence.
The feedback we received previously from our product teams is as follows. The underlying design differences mean the 2 data sources can vary and that making them both as accurate as we’d like would be a significant piece of work that we don’t currently have planned. We haven’t previously identified a simple improvement that would help when we have looked at this before, but we are discussing again to see if there are any options we have.
I will follow up with our team and let you know if there are any feature improvements planned for Sophos Central API in the coming months.
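
One way to catch the case described in the question (overall health of good while a high-severity alert is open) before an automation acts on the health value alone. This is an added example, not part of the thread and not Sophos code; the record layout (`health.overall`, `severity`, `managedAgent.id`), the function names and the sample data are assumptions constructed for illustration.

```python
# Constructed sample records. Field names are assumed, not taken from the thread.
ENDPOINTS = [
    {"id": "ep-1", "hostname": "WS-001", "health": {"overall": "good"}},
    {"id": "ep-2", "hostname": "WS-002", "health": {"overall": "good"}},
    {"id": "ep-3", "hostname": "WS-003", "health": {"overall": "bad"}},
    {"id": "ep-4", "hostname": "WS-004"},  # no health block reported
]
ALERTS = [
    {"severity": "high", "description": "Real time protection disabled",
     "managedAgent": {"id": "ep-1"}},
    {"severity": "low", "description": "constructed low-severity alert",
     "managedAgent": {"id": "ep-2"}},
    {"severity": "high", "description": "constructed alert with no agent"},
]

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3}


def worst_alert_by_endpoint(alerts):
    """Map endpoint id -> (rank, alert) for the most severe open alert."""
    worst = {}
    for alert in alerts:
        agent_id = (alert.get("managedAgent") or {}).get("id")
        rank = SEVERITY_RANK.get(str(alert.get("severity", "")).lower())
        if agent_id is None or rank is None:
            continue  # alert not tied to an endpoint, or unknown severity
        if agent_id not in worst or rank > worst[agent_id][0]:
            worst[agent_id] = (rank, alert)
    return worst


def find_mismatches(endpoints, alerts, threshold="high"):
    """Endpoints reporting 'good' health with an alert at or above threshold."""
    floor = SEVERITY_RANK[threshold]
    worst = worst_alert_by_endpoint(alerts)
    findings = []
    for ep in endpoints:
        reported = (ep.get("health") or {}).get("overall", "unknown")
        rank, alert = worst.get(ep["id"], (0, None))
        if reported == "good" and rank >= floor:
            findings.append({
                "hostname": ep.get("hostname", ep["id"]),
                "reported_health": reported,
                "alert_severity": alert["severity"],
                "alert_description": alert["description"],
            })
    return findings


if __name__ == "__main__":
    for finding in find_mismatches(ENDPOINTS, ALERTS):
        print(finding)
```

Treating any flagged endpoint as unhealthy in the automation, rather than trusting the overall health field, keeps a machine with protection disabled from being reported as good.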