Detections/Investigations API

Hi there,

Has anyone managed to construct API queries to pull out Detections/Investigations from Sophos XDR at all?

We want these to be pushed into our ticketing platform as they are generated (or fetch them every 5 mins etc.) but I can't find any part of the API that can be used for this.

Seems like a necessary feature that's not available.

Can anyone shed any light?

Thanks

0 Qoosh over 2 years ago

Hi kevin,

Thanks for reaching out to the Sophos Community Forum.

It is not currently possible to query the XDR Detections generated using API Queries. It’s possible to run queries against the information in the data lake, similar to if you used the UI in Sophos Central.

If you would like to see this functionality added in to Sophos Central, I suggest connecting with your Account Manager so they can share your thoughts with our product teams. In some cases, they can also shed light on features already on the roadmap.

Kushal Lakhan

Team Lead, Global Community Support
Connect with Sophos Support, get alerted, and be informed.
If a post solves your question, please use the "Verify Answer" button.

The New Home of Sophos Support Videos! - Visit Sophos Techvids
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Rick Fazoui over 1 year ago

Hi, did you somehow manage to fetch the detections data? In particular, from the data lake I can retrieve the detection data with a query, but not the associated status (new, closed, ...)
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel