Sophos Cloud Optix: Getting Started with API using cURL

Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.


Overview

This Recommended Reads describes the step-by-step manual on configuring Cloud Optix API using cURL.

Step 1. Enabling API

Go to https://optix.sophos.com/

Settings → Integrations → Sophos Cloud Optix

  • Generate new key
  • Select expiry date (6 months, 1 year or Never)
  • Save
  • The API key will be downloaded as a text file

Step 2. Authentication/Authorization

curl -X GET \
  optix.sophos.com/.../whitelistIPs \
  -H 'Authorization: ApiKey <API_KEY>'

Step 3. API Examples

A. GET - Alert Count Example

The example below gets the unfiltered alert count in Optix

curl -X GET \
  optix.sophos.com/.../count \
  -H 'Authorization: ApiKey <API_KEY>'

The example below gets a filtered list of suppressed alerts in Optix

curl -X GET \
  'optix.sophos.com/.../count \
  -H 'Authorization: ApiKey <API_KEY>'

The example below gives a filtered list of Azure CIS alerts on Optix

curl -X GET \
  'optix.sophos.com/.../count \
  -H 'Authorization: ApiKey <API_KEY>'

B. GET - Alerts Example

The example below returns one alert from the first page of alerts in Optix

curl -X GET \
  'optix.sophos.com/.../alerts \
  -H 'Authorization: ApiKey <API_KEY>'

C. POST - IP Whitelist Example

The example below shows how to add IP whitelist to Optix using data supplied directly on the command line

curl -X POST \
  optix.sophos.com/.../whitelistIPs \
  -H 'Authorization: ApiKey <API_KEY>' \
  -H 'Content-Type: application/json' \
  -d '{
  "accountIds": null,
  "data": {
    "ips": [
      "2.2.2.2",
      "3.3.3.3"
    ]
  }
}'

D. POST - IP Whitelist Example (using JSON file)

The example below shows how to add IP whitelist to Optix using data supplied in a JSON file

# Create a JSON file with the following content
{
  "accountIds": null,
  "data": {
    "ips": [
      "2.2.2.2",
      "3.3.3.3"
    ]
  }
}

# Post the request and reference the JSON file. E.g. If the file is called "ipwhitelist.json"

curl -X POST \
  optix.sophos.com/.../whitelistIPs \
  -H 'Authorization: ApiKey <API_KEY>' \
  -H 'Content-Type: application/json' \
  -d @ipwhitelist.json

 



Revamped RR
[edited by: Erick Jan at 5:54 AM (GMT -7) on 18 Apr 2024]
Parents Reply Children
No Data