How to retrieve the Core Agent version from a device via API?

Hello-

I need to determine the version of Core Agent that is installed/running on all supported customer devices.

I can see this value in the Sophos Central UI by selecting a specific device, but I need this info for over 2000 supported devices. Manually clicking on each of these devices isn't feasible.

My guess is that I could retrieve this value via API, but I haven't been able to locate which API endpoint I need to call to pull that info for a device.

What is the API I need to call to get the Core Agent version on a device?

Thanks,

Brian



Edit Tags
[edited by: GlennSen at 6:14 AM (GMT -7) on 24 Mar 2022]
Parents Reply Children
  • FormerMember
    0 FormerMember in reply to BriE

    I depends on how the accounts are created If they were created/linked to the partner dashboard - then go through there. If they are linked through an Enterprise Dashboard - and can be managed there (ie., you can click on them and launch the specific Central Dashboard there) then you do the Enterprise Dash path. Basically, the API token needs to be in the up stream permissions set to access the children. 

  • FormerMember
    0 FormerMember in reply to FormerMember

    I just tested all the steps in the Enterprise Dashboard process and they all worked properly. I used curl to make sure Postman wasn't adding anything strange. 

    Here is the request I used to do that action:

    curl -XGET -H "Authorization: Bearer eyJ0e****SbxH-16u1-GU" \
    -H "X-Organization-ID: 93***cb" \
    api.central.sophos.com/.../tenants



  • FormerMember
    0 FormerMember in reply to FormerMember

    argh, the forum made it a hyperlink - hover over it to see the complete URL you need to use.

  • Here is what I get when I follow the steps using curl

    PS C:\Users\brian> curl.exe -XPOST -H "Content-Type:application/x-www-form-urlencoded" -d "grant_type=client_credentials&client_id=d****5&client_secret=3****4&scope=token" id.sophos.com/.../token
    {"access_token": "e****E", "errorCode": "success", "expires_in": 3600, "message": "OK", "refresh_token": "e****3", "token_type": "bearer", "trackingId": "d7006bf5-55c4-4a95-82fe-edac1c1433a8"}


    PS C:\Users\brian> curl.exe -XGET -H "Authorization: Bearer e****E" api.central.sophos.com/.../v1
    {"id":"a****6","idType":"organization","apiHosts":{"global":"">api.central.sophos.com"}}


    PS C:\Users\brian> curl.exe -XGET -H "Authorization: Bearer e****E" -H "X-Organization-ID: a****6" api.central.sophos.com/.../tenants
    {
    "error": "Forbidden",
    "correlationId": "962c24eb-0c16-464b-96de-49c380e9231d",
    "requestId": "362a5608-1657-40cc-9d17-c747b3ad1f2d",
    "createdAt": "2022-03-25T18:51:33.266Z",
    "message": "Access Denied"
    }

    PS C:\Users\brian> curl.exe -XPOST -H "Content-Type:application/x-www-form-urlencoded" -d "grant_type=client_credentials&client_id=d****5&client_secret=3****4&scope=token" https://id.sophos.com/api/v2/oauth2/token
    {"access_token": "e****E", "errorCode": "success", "expires_in": 3600, "message": "OK", "refresh_token": "e****3", "token_type": "bearer", "trackingId": "d7006bf5-55c4-4a95-82fe-edac1c1433a8"}
    
    
    PS C:\Users\brian> curl.exe -XGET -H "Authorization: Bearer e****E" https://api.central.sophos.com/whoami/v1
    {"id":"a****6","idType":"organization","apiHosts":{"global":"https://api.central.sophos.com"}}
    
    
    PS C:\Users\brian> curl.exe -XGET -H "Authorization: Bearer e****E" -H "X-Organization-ID: a****6" https://api.central.sophos.com/organization/v1/tenants?pageTotal=true
    {
    "error": "Forbidden",
    "correlationId": "962c24eb-0c16-464b-96de-49c380e9231d",
    "requestId": "362a5608-1657-40cc-9d17-c747b3ad1f2d",
    "createdAt": "2022-03-25T18:51:33.266Z",
    "message": "Access Denied"
    }

  • FormerMember
    0 FormerMember in reply to BriE

    ok, that looks like the creds you are using don't have access to that level of the data structure. What role did you give it?

  • Right now I am using read only creds.
    What level of credentials do I need to pull the tenants list?

  • FormerMember
    +1 FormerMember in reply to BriE

    To translate down to query that level you need Admin rights because it exposes information for multiple estates.