Hello Together,
we are integrating Sophos Central to our MDM solution via the api and now have a problem with some of clients reporting incorrect status via api.
For example i take this client:
If i query it via the Sophos Central API this is the result of : api-eu02.central.sophos.com/.../xxxx-xxxx-4d32-b6b6-c1c99fd2ba62
{
"id": "xxxxx-5774-4d32-b6b6-c1c99fd2ba62",
"type": "computer",
"tenant": {
"id": "xxxxx-f12b-4afa-93eb-bde28244732e"
},
"hostname": "PC-105837",
"health": {
"overall": "good",
"threats": {
"status": "good"
},
"services": {
"status": "good",
"serviceDetails": [
{
"name": "HitmanPro.Alert service",
"status": "running"
},
{
"name": "Sophos Endpoint Defense",
"status": "running"
},
{
"name": "Sophos Endpoint Defense Service",
"status": "running"
},
{
"name": "Sophos File Scanner",
"status": "running"
},
{
"name": "Sophos File Scanner Service",
"status": "running"
},
{
"name": "Sophos MCS Agent",
"status": "running"
},
{
"name": "Sophos MCS Client",
"status": "running"
},
{
"name": "Sophos NetFilter",
"status": "running"
},
{
"name": "Sophos Network Threat Protection",
"status": "running"
},
{
"name": "Sophos System Protection Service",
"status": "running"
}
]
}
},
"os": {
"isServer": false,
"platform": "windows",
"name": "Windows 10 Pro",
"majorVersion": 10,
"minorVersion": 0,
"build": 19045
},
"ipv4Addresses": [
"172.17.1.146"
],
"macAddresses": [
"84:A9:3E:11:11:11"
],
"associatedPerson": {
"viaLogin": "domain\\user"
},
"tamperProtectionEnabled": true,
"assignedProducts": [
{
"code": "endpointProtection",
"version": "10.8.11.4",
"status": "notInstalled"
},
{
"code": "deviceEncryption",
"version": "2022.3.0.21",
"status": "notInstalled"
},
{
"code": "interceptX",
"version": "2022.1.3.3",
"status": "notInstalled"
},
{
"code": "coreAgent",
"version": "2022.4.2.1",
"status": "installed"
},
{
"code": "xdr",
"version": "2022.4.2.1",
"status": "notInstalled"
},
{
"code": "ztna",
"version": "2022.4.2.1",
"status": "notInstalled"
}
],
"lastSeenAt": "2023-03-10T07:39:00.359Z",
"encryption": {
"volumes": [
{
"volumeId": "\\\\?\\Volume{d7976220-f522-4367-8367-f9835d4fec69}\\",
"status": "encrypted"
}
]
}
}
There seems to be a mismatch between what the Sophos Central UI shows and what the API answers.
Does anyone have the same expierence ?
Updated Sophos API Result to 16.03.2023 - Still same issue
[edited by: Michael Schneider at 8:35 AM (GMT -7) on 16 Mar 2023]
