Is there anything on the roadmap for this? We use a 3rd party Security Awareness product that includes a Phish Testing feature (*). This requires a large number of exceptions, and adding and checking them across a large number of tenants is tedious so an API would be awesome.
I can use the endpoint API to add the URL exceptions, but for email I need to add the URLs again (not malicious and don't rewrite), the source IPs (don't check RBL), and the source domains (don't allow user to whitelist).
(*) Yes, I'm aware Sophos has a Phish Testing feature too.
Good day! I don't see any Central Email API in the roadmap currently. I would recommend contacting your Sophos partner or sales representative directly if you want to request that this feature be added, as per this link: https://community.sophos.com/b/community-blog/posts/sophos-ideas-portal-retirement
The first public Email API being released in the next week will allow you to download and consume into a SIEM Message History data from the Threat Analysis Center > Live Discover. We are working on other APIs that will allow you to add/remove items from various lists like Allow/Block as well as Quarantine Release/Delete. Phish Threat also has a list of APIs being developed and I will see what is included in those and let you all know.
Thanks for the update. Looking forward to it :)
Any more news on this API?
It is available, Message History API
Hi Tom, from what I can tell this doesn't give the ability to control items that are waiting in quarantine? Just post-quarantine information from the XDR data lake? I guess I misunderstood your reference to 'Quarantine Release/Delete' in your earlier response.
That will be delivered in early 2023. It is under development. First API was message history and then comes quarantine.
Thanks Tom - that's good news. I'll keep my eye out!