Sophos Cloud Optix

Recommended Reads Getting Started with Cloud Optix API using PostMan

Sophos Cloud Optix requires membership for participation - click to join

Getting Started with Cloud Optix API using PostMan

DavidOkeyode over 3 years ago

Documentation: https://optix.sophos.com/apiDocumentation
Optix exposed API endpoints

1. Enable API on your Sophos Cloud Optix Account

Go to https://optix.sophos.com/
Settings → Integrations → Sophos Cloud Optix
- Generate new key
- Select expiry date (6 months, 1 year or Never)
- Save
The API key will be downloaded as a text file

2. Download and Install the latest version of PostMan for your OS

https://www.getpostman.com/downloads/

3. Authentication/Authorization

Open Postman
File → New Tab

Select "GET" and enter the URI for an optix API endpoint E.g. https://optix.sophos.com/api/v1/whitelistIPs

In the "Authorization" pane, select "None" or "Inherit auth from parent"

In the "Headers" pane, set a header with the following key-value pair
Key: Authorization
Value: ApiKey <API_KEY_VALUE>

Click on "Send" to submit the request

The response should be displayed in the body section below

4. API Examples

a. GET - Alert Count Example

Method: GET
URI: https://optix.sophos.com/api/v1/alerts/count
HEADERS
- Key: Authorization
- Value: ApiKey <API_KEY_VALUE>
Click on "Send"

The number of alerts will be shown in the "Body" section below

To filter the response using parameters, for example, adding the parameter below will show a count of only suppressed alerts (The full list of parameters can be found in the API documentation)
- PARAMS
  - Key: states
  - Value: SUPPRESS
- Click on "Send"
- The response will be displayed in the "Body" section below

PARAMS (The example below will show a filtered list of Azure alerts that are related to the CIS benchmark)
- Key: providerList
  - Value: Azure
- Key: policyTagList
  - Value: CIS
Click on "Send"
The response will be displayed in the "Body" section below

b. GET - Alerts Example

Method: GET
URI: https://optix.sophos.com/api/v1/alerts
HEADERS
- Key: Authorization
- Value: ApiKey <API_KEY_VALUE>
PARAMS
- Key: page
  - Value: 1
- Key: size
  - Value: 1
Click on "Send"

c. POST - IP Whitelist Example

Method: POST
URI: https://optix.sophos.com/api/v1/whitelistIPs
HEADERS
- Key: Authorization
- Value: ApiKey <API_KEY_VALUE>
BODY
- RAW
- JSON (application/json)
- Paste the following:

{
  "accountIds": null,
  "data": {
    "ips": [
      "1.1.1.1",
      "2.2.2.2"
    ]
  }
}

Click on "Send"

You should see no errors in the response in the "Body" section

You can verify in the Sophos Optix console under Settings → IP whitelist

Parents

Clark Downs 8 months ago

I had question. We have about 30 Sophos Cloud Scheduled Scans, in Task Scheduler set to go every week at the same time (not sure why) but this server is having Memory exhaustion issues and needs to be rebooted does the 'BackgroundScanClient' open multiple threads, could this the problem? Dinar Guru Updates
Cancel
Vote Up 0 Vote Down

Sign in to reply

Cancel

Reply

Clark Downs 8 months ago

I had question. We have about 30 Sophos Cloud Scheduled Scans, in Task Scheduler set to go every week at the same time (not sure why) but this server is having Memory exhaustion issues and needs to be rebooted does the 'BackgroundScanClient' open multiple threads, could this the problem? Dinar Guru Updates
Cancel
Vote Up 0 Vote Down

Sign in to reply

Cancel

Children

GlennSen 5 months ago in reply to Clark Downs

Thank you for reaching community forum. With regards to this, allow us to have this checked with our internal team and get back to you.

Glenn ArchieSeñas (GlennSen)

Global Community Support Engineer | Global Community and Digital Customer Support

Connect, Engage, Earn Rewards - Join the Sophos Community
Cancel
Vote Up 0 Vote Down

Sign in to reply

Cancel