(Fast API scripting) Sophos Central API template in PowerShell

"Disclaimer: Please contact Sophos Professional Services if you require assistance with Scripting"   

Now onto the main stuff.

The script provided on this page can serve as a starting point for creating custom Sophos Central API scripts in PowerShell.

The script covers the following: 

  • Authentication using the client ID and client secret.
  • Authorization using the bearer token retrieved by the step above.
  • Two code sections: one where custom functions are defined and one where they are called.
  • On each new run, the reports generated by the previous run are backed up to $env:TEMP\Sophos_reports\<customer_name>\$folder_name_date

When the script is run, it requests the following information, generated from the API credentials management page (Sophos Central > Global Settings > API Credentials Management):

  • Client ID
  • Client secret
  • Customer's account name (usually I prefer an abbreviation, for example: Metal Alloy Company = MAC)

Template Script below:

function Authenticator {
    try {
        $headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
        $headers.Add("Content-Type", "application/x-www-form-urlencoded")
        $API_id = Read-Host -Prompt 'Enter Client ID'
        $API_secret = Read-Host -Prompt 'Enter Client Secret'
        $Global:Account_name = Read-Host -Prompt 'Enter Account Name'
        # Create the per-customer report folder on first run, then work from it
        if(-not (Test-Path -Path $env:TEMP\Sophos_reports\$Global:Account_name)){
            mkdir $env:TEMP\Sophos_reports\$Global:Account_name
        }
        Set-Location $env:TEMP\Sophos_reports\$Global:Account_name
        # URL-encode the credentials so characters such as & + = in the secret do not corrupt the form body
        $body = "grant_type=client_credentials&client_id=$([uri]::EscapeDataString($API_id))&client_secret=$([uri]::EscapeDataString($API_secret))&scope=token"
        $response = Invoke-RestMethod 'https://id.sophos.com/api/v2/oauth2/token' -Method 'POST' -Headers $headers -Body $body
        # Keep the token in a global variable so later functions can reuse it
        $Global:API_BToken = 'Bearer '+$response.access_token
        '[+] Bearer Token Received'
    }
    catch {
        '[-] Problem in getting Bearer Token Using function = Authenticator'
    }
}

function Get_Client_ID_And_Region {
    try{
        $headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
        $headers.Add('Authorization', $Global:API_BToken)
        # whoami returns the ID tied to the credentials and the API host for its data region
        $response = Invoke-RestMethod 'https://api.central.sophos.com/whoami/v1' -Method 'GET' -Headers $headers
        $Global:Customer_ID = $response.id
        $Global:Customer_region = $response.apiHosts.dataRegion
        '[+] Authorization Successful'
    }
    catch{
        '[-] Authorization Failed using function = Get_Client_ID_And_Region'
    }
}

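function File_Backup_Manager {
    # Move reports left by the previous run into a timestamped subfolder, e.g. 09_06_2022_01_24_00
    $report_dir = "$env:TEMP\Sophos_reports\$Global:Account_name"
    $folder_name_date = Get-Date -Format 'MM_dd_yyyy_HH_mm_ss'
    # Only create a backup folder when there are report files to move
    if((Test-Path "$report_dir\*.json", "$report_dir\*.csv") -contains $true){
        mkdir "$report_dir\$folder_name_date"
        Move-Item "$report_dir\*.json", "$report_dir\*.csv" -Destination "$report_dir\$folder_name_date"
    }
    # Open the report folder in Explorer
    Start-Process $report_dir
}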

# --------------------------------------------------------- Add Your Custom Functions here -----------------------------------------------



# --------------------------------------------------------- Add Your Custom Functions above -----------------------------------------------

#Function Controller

Authenticator
if($Global:API_BToken){
    
    Get_Client_ID_And_Region
    if($Global:Customer_ID){
        File_Backup_Manager

        #------------------------------------------------- call your custom functions from here ------------------------------------------------
        
        

        #------------------------------------------------- call your custom functions from here ------------------------------------------------

    }
    else{
        '[-] Customer ID not received'
    }
}
else{
    '[-] Bearer Token Not Received'
}

To create functions rapidly, follow the process below: 

  • Create an account in Postman
  • Import the Sophos API template into Postman
    • Download the template from: https://codeload.github.com/sophos/sophos-central-apis-postman/zip/refs/heads/main
    • Import the following two files after extracting the downloaded zip:



    • Open one of the collections
    • For example, I am using “GET All Endpoints”
    • Replace every {{****}} placeholder with its respective value (available in the response body of the authorization step, the 2nd step)
    • I replaced it with us03.
    • Set the authorization to bearer token (the token is available in the response body of the authentication step, the 1st step)
    • I selected authorization type as bearer token and copy-pasted the bearer token.
    • Now click the Send button to test the request.



    • If successful, get the code from the </> button and select PowerShell.
    • Now create a function using the code above and put it in the custom functions section of the provided template.



    • Call it, as per below code section
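
A custom function of the kind this procedure produces, written as an added example (it is not code from the original post or from Sophos). It assumes the Endpoint API path `/endpoint/v1/endpoints`, the `X-Tenant-ID` header and the `pages.nextKey` / `pageFromKey` paging fields, so check them against the PowerShell code Postman generates for "GET All Endpoints"; the function name, file names and selected columns are illustrative.

```powershell
# Added example: paste into the "Add Your Custom Functions here" section of the template.
function Get_All_Endpoints {
    try {
        $headers = @{
            'Authorization' = $Global:API_BToken    # set by Authenticator
            'X-Tenant-ID'   = $Global:Customer_ID   # set by Get_Client_ID_And_Region
        }
        # apiHosts.dataRegion is a full base URL for the tenant's region (us03 in the post)
        $base_uri = $Global:Customer_region + '/endpoint/v1/endpoints'
        $report_dir = "$env:TEMP\Sophos_reports\$Global:Account_name"
        $endpoints = @()
        $next_key = $null
        do {
            # Follow the paging key until the API stops returning one
            $uri = $base_uri
            if ($next_key) { $uri += '?pageFromKey=' + [uri]::EscapeDataString($next_key) }
            $response = Invoke-RestMethod $uri -Method 'GET' -Headers $headers
            $endpoints += $response.items
            $next_key = $response.pages.nextKey     # $null on the last page
        } while ($next_key)

        # Full records as JSON, a flattened summary as CSV; both are picked up
        # by File_Backup_Manager on the next run
        $endpoints | ConvertTo-Json -Depth 10 |
            Out-File -FilePath "$report_dir\endpoints.json" -Encoding utf8
        $endpoints |
            Select-Object id, type, hostname,
                @{ Name = 'os';     Expression = { $_.os.name } },
                @{ Name = 'health'; Expression = { $_.health.overall } },
                lastSeenAt |
            Export-Csv -Path "$report_dir\endpoints.csv" -NoTypeInformation
        "[+] Saved $($endpoints.Count) endpoints"
    }
    catch {
        "[-] Problem in getting endpoints using function = Get_All_Endpoints: $($_.Exception.Message)"
    }
}

# In the controller, between the "call your custom functions from here" markers:
# Get_All_Endpoints
```

The bearer token stays in `$Global:API_BToken` for the life of the PowerShell session and the reports are written under `$env:TEMP`, so close the session and move or delete the reports when the work is done.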


At this stage you should have a custom script ready.

Feel free to post your input, feedback or queries regarding the above. 
Cheers



Added Report backup information.
[edited by: Niranjan Lakra at 1:24 AM (GMT -7) on 6 Sep 2022]