Reflexion will be End-of-life on March 31,2023. See Sophos Reflexion EoL FAQs to learn more.
"Disclaimer: Please contact Sophos Professional Services if you require assistance with Scripting"
Now onto main stuff.Script provided in this page can serve as a gateway to Sophos Central API custom script creation using PowerShell.
The script covers the following:
when script is run it requests the following information, Generated from the API credentials management page (Sophos Central > Global Settings > API Credentials Management).
Template Script below:
function Authenticator { try { $headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]" $headers.Add("Content-Type", "application/x-www-form-urlencoded") $API_id = Read-Host -Prompt 'Enter Client ID' $API_secret = Read-Host -Prompt 'Enter Client Secret' $Global:Account_name = Read-Host -Prompt 'Enter Account Name' if(Test-Path -Path $env:TEMP\Sophos_reports\$Global:Account_name){ } else{mkdir $env:TEMP\Sophos_reports\$Global:Account_name} Set-Location $env:TEMP\Sophos_reports\$Global:Account_name $body = "grant_type=client_credentials&client_id=$API_id&client_secret=$API_secret&scope=token" $response = Invoke-RestMethod 'https://id.sophos.com/api/v2/oauth2/token' -Method 'POST' -Headers $headers -Body $body $Global:API_BToken = 'Bearer '+$response.access_token '[+] Bearer Token Recieved' } catch { '[-] Problem in getting Bearer Token Using function = Authenticator' } } function Get_Client_ID_And_Region { try{ $headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]" $headers.Add('Authorization', $Global:API_BToken) $response = Invoke-RestMethod 'https://api.central.sophos.com/whoami/v1' -Method 'GET' -Headers $headers $Global:Customer_ID = $response.id $Global:Customer_region = $response.apiHosts.dataRegion '[+] Authorization Successfull' } catch{ '[-] Authorization Failed using function = Get_Client_ID_And_Region' } } function File_Backup_Manager { $folder_name_date = (((get-date) -split(' ')) -split{$_ -eq '/' -or $_ -eq ':'}) -join '_' if(Test-Path $env:TEMP\Sophos_reports\$Global:Account_name\*){ mkdir $folder_name_date move-item *.json, *.csv -Destination $env:TEMP\Sophos_reports\$Global:Account_name\$folder_name_date } else{ } Start-Process $env:TEMP\Sophos_reports\$Global:Account_name } # --------------------------------------------------------- Add Your Custom Functions here ----------------------------------------------- # --------------------------------------------------------- Add Your Custom Functions above ----------------------------------------------- #Function Controller Authenticator if($Global:API_BToken){ Get_Client_ID_And_Region if($Global:Customer_ID){ File_Backup_Manager #------------------------------------------------- call your custom functions from here ------------------------------------------------ #------------------------------------------------- call your custom functions from here ------------------------------------------------ } else{ '[-] Customer ID not recieved' } } else{ '[-] Bearer Token Not Recieved' }
To create functions rapidly, follow the process below:
At this stage you should have a custom script ready.
Feel free to post your input, feedback or queries regarding the above. Cheers
Sign up to the Sophos Support Notification Service to get the latest product release information and critical issues.
Created custom function returns the "items" in PS. However no export is generated at backup location. What is missing ?
Let me know if adding the following at the end of your curl string works.- | Out-File <file location>
It works, if the last function line is:
$response | ConvertTo-Json | Out-File $env:TEMP\Sophos_reports\$Global:Account_name\endpoints.json
However this only returns 50 devices.
Hi Ovidiu Ene following should have helped increasing the device count in output. Note: Maximum devices per page is 500 https://api-{dataRegion}.central.sophos.com/endpoint/v1/endpoints?pageSize=500more info available at : https://developer.sophos.com/whatsnew