Sophos Cloud Optix: Getting Started with API using PostMan

Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.

Overview

Overview

This Recommended Reads describes the step-by-step manual on configuring Cloud Optix API using PostMan.

Documentation: https://optix.sophos.com/apiDocumentation
Optix exposed API endpoints

Step 1. Enabling API

Turn on API on your Sophos Cloud Optix Account

Go to https://optix.sophos.com/
Settings → Integrations → Sophos Cloud Optix
- Generate new key
- Select expiry date (6 months, 1 year or Never)
- Save
The API key will be downloaded as a text file

Step 2. Download & Install

To download and Install the latest version of PostMan for your OS, kindly see link below

https://www.getpostman.com/downloads/

Step 3. Authentication/Authorization

Open Postman, and under File → New Tab

Select "GET" and enter the URI for an optix API endpoint, E.g., https://optix.sophos.com/api/v1/whitelistIPs

In the "Authorization" pane, select "None" or "Inherit auth from parent."

In the "Headers" pane, set a header with the following key-value pair

Key: Authorization
Value: ApiKey <API_KEY_VALUE>

Click "Send" to submit the request

The response must be displayed in the body section below

Step 4. API Examples

A. GET - Alert Count Example

Method: GET
URI: https://optix.sophos.com/api/v1/alerts/count
HEADERS
- Key: Authorization
- Value: ApiKey <API_KEY_VALUE>
Click on "Send"

The number of alerts will be shown in the "Body" section below

To filter the response using parameters, for example, adding the parameter below will show a count of only suppressed alerts (The full list of parameters can be found in the API documentation)

PARAMS
- Key: states
- Value: SUPPRESS
Click "Send"
The response will be displayed in the "Body" section below

PARAMS (The example below will show a filtered list of Azure alerts that are related to the CIS benchmark)
- Key: providerList
  - Value: Azure
- Key: policyTagList
  - Value: CIS
Click "Send"
The response will be displayed in the "Body" section below

B. GET - Alerts Example

Method: GET
URI: https://optix.sophos.com/api/v1/alerts
HEADERS
- Key: Authorization
- Value: ApiKey <API_KEY_VALUE>
PARAMS
- Key: page
  - Value: 1
- Key: size
  - Value: 1
Click "Send"

C. POST - IP Whitelist Example

Method: POST
URI: https://optix.sophos.com/api/v1/whitelistIPs
HEADERS
- Key: Authorization
- Value: ApiKey <API_KEY_VALUE>
BODY
- RAW
- JSON (application/json)
- Paste the following:

{
  "accountIds": null,
  "data": {
    "ips": [
      "1.1.1.1",
      "2.2.2.2"
    ]
  }
}

Click "Send."

You must see no errors in the response in the "Body" section

You can verify in the Sophos Optix console under Settings → IP whitelist

Revamped RR
[edited by: Erick Jan at 5:48 AM (GMT -7) on 18 Apr 2024]

Clark Downs over 2 years ago

I had question. We have about 30 Sophos Cloud Scheduled Scans, in Task Scheduler set to go every week at the same time (not sure why) but this server is having Memory exhaustion issues and needs to be rebooted does the 'BackgroundScanClient' open multiple threads, could this the problem? Dinar Guru Updates
Cancel
Vote Up 0 Vote Down

Sign in to reply

Cancel
GlennSen over 2 years ago in reply to Clark Downs

Thank you for reaching community forum. With regards to this, allow us to have this checked with our internal team and get back to you.

Glenn ArchieSeñas (GlennSen)

Global Community Support Engineer

The New Home of Sophos Support Videos! - Visit Sophos Techvids
Cancel
Vote Up 0 Vote Down

Sign in to reply

Cancel