How to retrieve the Core Agent version from a device via API?

Hello-

I need to determine the version of Core Agent that is installed/running on all supported customer devices.

I can see this value in the Sophos Central UI by selecting a specific device, but I need this info for over 2000 supported devices. Manually clicking on each of these devices isn't feasible.

My guess is that I could retrieve this value via API, but I haven't been able to locate which API endpoint I need to call to pull that info for a device.

What is the API I need to call to get the Core Agent version on a device?

Thanks,

Brian



Edit Tags
[edited by: GlennSen at 6:14 AM (GMT -7) on 24 Mar 2022]
Parents Reply Children
  • Here is what I get when I follow the steps using curl

    PS C:\Users\brian> curl.exe -XPOST -H "Content-Type:application/x-www-form-urlencoded" -d "grant_type=client_credentials&client_id=d****5&client_secret=3****4&scope=token" id.sophos.com/.../token
    {"access_token": "e****E", "errorCode": "success", "expires_in": 3600, "message": "OK", "refresh_token": "e****3", "token_type": "bearer", "trackingId": "d7006bf5-55c4-4a95-82fe-edac1c1433a8"}


    PS C:\Users\brian> curl.exe -XGET -H "Authorization: Bearer e****E" api.central.sophos.com/.../v1
    {"id":"a****6","idType":"organization","apiHosts":{"global":"">api.central.sophos.com"}}


    PS C:\Users\brian> curl.exe -XGET -H "Authorization: Bearer e****E" -H "X-Organization-ID: a****6" api.central.sophos.com/.../tenants
    {
    "error": "Forbidden",
    "correlationId": "962c24eb-0c16-464b-96de-49c380e9231d",
    "requestId": "362a5608-1657-40cc-9d17-c747b3ad1f2d",
    "createdAt": "2022-03-25T18:51:33.266Z",
    "message": "Access Denied"
    }

    PS C:\Users\brian> curl.exe -XPOST -H "Content-Type:application/x-www-form-urlencoded" -d "grant_type=client_credentials&client_id=d****5&client_secret=3****4&scope=token" https://id.sophos.com/api/v2/oauth2/token
    {"access_token": "e****E", "errorCode": "success", "expires_in": 3600, "message": "OK", "refresh_token": "e****3", "token_type": "bearer", "trackingId": "d7006bf5-55c4-4a95-82fe-edac1c1433a8"}
    
    
    PS C:\Users\brian> curl.exe -XGET -H "Authorization: Bearer e****E" https://api.central.sophos.com/whoami/v1
    {"id":"a****6","idType":"organization","apiHosts":{"global":"https://api.central.sophos.com"}}
    
    
    PS C:\Users\brian> curl.exe -XGET -H "Authorization: Bearer e****E" -H "X-Organization-ID: a****6" https://api.central.sophos.com/organization/v1/tenants?pageTotal=true
    {
    "error": "Forbidden",
    "correlationId": "962c24eb-0c16-464b-96de-49c380e9231d",
    "requestId": "362a5608-1657-40cc-9d17-c747b3ad1f2d",
    "createdAt": "2022-03-25T18:51:33.266Z",
    "message": "Access Denied"
    }

  • FormerMember
    0 FormerMember in reply to BriE

    ok, that looks like the creds you are using don't have access to that level of the data structure. What role did you give it?

  • Right now I am using read only creds.
    What level of credentials do I need to pull the tenants list?

  • FormerMember
    +1 FormerMember in reply to BriE

    To translate down to query that level you need Admin rights because it exposes information for multiple estates.