Sophos Cloud Optix

Recommended Reads Getting Started with Cloud Optix API using cURL

Sophos Cloud Optix requires membership for participation - click to join

Our Support phone number for India has changed. The old number will be deprecated as of October 31, 2023. Click here for the new phone number.

Sophos UTM: Decommissioning of obsolete URL categorization services CFFS. Click here for important info.

Getting Started with Cloud Optix API using cURL

DavidOkeyode over 4 years ago

Documentation: https://optix.sophos.com/apiDocumentation
Optix exposed API endpoints

1. Enable API on your Sophos Cloud Optix Account

Go to https://optix.sophos.com/
Settings → Integrations → Sophos Cloud Optix
- Generate new key
- Select expiry date (6 months, 1 year or Never)
- Save
The API key will be downloaded as a text file

2. Authentication/Authorization

curl -X GET \
  optix.sophos.com/.../whitelistIPs \
  -H 'Authorization: ApiKey <API_KEY>'

3. API Examples

a. GET - Alert Count Example

The example below gets the unfiltered alert count in Optix

curl -X GET \
  optix.sophos.com/.../count \
  -H 'Authorization: ApiKey <API_KEY>'

The example below gets a filtered list of suppressed alerts in Optix

curl -X GET \
  'optix.sophos.com/.../count \
  -H 'Authorization: ApiKey <API_KEY>'

The example below gives a filtered list of Azure CIS alerts on Optix

curl -X GET \
  'optix.sophos.com/.../count \
  -H 'Authorization: ApiKey <API_KEY>'

b. GET - Alerts Example

The example below returns one alert from the first page of alerts in Optix

curl -X GET \
  'optix.sophos.com/.../alerts \
  -H 'Authorization: ApiKey <API_KEY>'

c. POST - IP Whitelist Example

The example below shows how to add IP whitelist to Optix using data supplied directly on the command line

curl -X POST \
  optix.sophos.com/.../whitelistIPs \
  -H 'Authorization: ApiKey <API_KEY>' \
  -H 'Content-Type: application/json' \
  -d '{
  "accountIds": null,
  "data": {
    "ips": [
      "2.2.2.2",
      "3.3.3.3"
    ]
  }
}'

d. POST - IP Whitelist Example (using JSON file)

The example below shows how to add IP whitelist to Optix using data supplied in a JSON file

# Create a JSON file with the following content
{
  "accountIds": null,
  "data": {
    "ips": [
      "2.2.2.2",
      "3.3.3.3"
    ]
  }
}

# Post the request and reference the JSON file. E.g. If the file is called "ipwhitelist.json"

curl -X POST \
  optix.sophos.com/.../whitelistIPs \
  -H 'Authorization: ApiKey <API_KEY>' \
  -H 'Content-Type: application/json' \
  -d @ipwhitelist.json

Parents

Joseph Hall over 1 year ago

Extremely intriguing , great job and a debt of gratitude is in order for sharing a decent article. TellCulvers
Cancel
Vote Up 0 Vote Down

Sign in to reply

Cancel

Reply

Joseph Hall over 1 year ago

Extremely intriguing , great job and a debt of gratitude is in order for sharing a decent article. TellCulvers
Cancel
Vote Up 0 Vote Down

Sign in to reply

Cancel

Children

No Data