
API Live discover

Hi,

I have a problem when I use the Live Discover API to run a query on Sophos.
I followed the procedure described at the URL https://developer.sophos.com/docs/live-discover-v1/1/routes/queries/runs/post

This is the JSON I sent:

{
    "matchEndpoints": {
        "filters": [
            {
                "ids": [
                    "c3a1b995-ccf5-47d0-a9b7-ef13d74b1a2b"
                ]
            }
        ]
    },
    "savedQuery": {
        "queryId": "ae9338d5-eed3-4e38-a4ad-057f5fb68e81"
    },
    "variables": [
        {
            "value": "2021-01-01T00:00:00",
            "dataType": "dateTime",
            "name": "start_time"
        },
        {
            "value": "2023-01-01T00:00:00",
            "dataType": "dateTime",
            "name": "end_time"
        }
    ]
}

But whatever value we enter in start_time or end_time, I get the error shown below.

Error result:

{
    "error": "badRequest",
    "correlationId": "774a639b-2598-4a55-baa5-a5fa39f6efa2",
    "requestId": "8196806f-2f3f-4e9c-ba5e-d69ebbee0996",
    "message": "Some variables do not have values: start_time,end_time. "
}

I have no other details that allow me to investigate. Can you help me with the errors we are encountering?

  • Hi,

    Yes, I'm using a standard query ("ae9338d5-eed3-4e38-a4ad-057f5fb68e81": "Common suspicious directories (Non-Windows directories)").

    I've tried the Postman collection, but in their example they use a common and simple case with no real information:

    "variables": [
        {
          "name": "non dolore dolor ",
          "dataType": "dateTime",
          "value": "laborum labore"
        },
        {
          "name": "est dolore",
          "dataType": "boolean",
          "value": "exercitation sint do magna "
        }
      ]

    Could you test on your side please?

    Many thanks
