Introducing the Generally Available release for our latest integration; Sophos Central plugin for ConnectWise Automate. This plugin is designed to allow our MSPs to now manage Sophos Central Endpoints & Alerts directly from within ConnectWise Automate.
|
*Note: By clicking Download, you agree to the Sophos API & Plugins Terms of Use. You also acknowledge that Sophos processes personal data in accordance with the Sophos Privacy Policy. |
Table of Contents
Dashboard - Quickly determine service and health issues with endpoints. Even drill into Endpoint or Alert issues for actions.
Clients - Assign 'Sophos Tenant' to 'ConnectWise Client'. Filter by Tenant, Data Region or Billing Type.
Starting from version 1.2.0.0 there is no longer a need to manage Customer Tokens for Deployments.
Automate Computers and Sophos Endpoints - Quickly determine Computers in poor health, or missing the Sophos Endpoint Client. Even action a single endpoint, or many endpoints in bulk.
Actions include:
- Forcing definitions updates
- Forcing scans
- Enabling/Disabling tamper protection
- Isolate/Deisolate endpoints
- Deleting endpoints from Sophos Central
- Deletion of the endpoint does not uninstall the endpoint
- Manually deploy the Sophos agent for specific devices when customer level auto-deployment is not feasible
- Exclude/remove exclusion for Auto-deployment
Finding computers/endpoints - Search, Filter and Sort
- Please click on Create Filter to use one or more filter criteria to find the relevant computers/endpoints
- The Search function works on below mentioned field list -
|
Computer Page |
Endpoint Page |
|
Computer Name |
Person |
|
Client Name |
Host Name |
|
Location |
Tenant Name |
|
Tenant Name |
|
- The Sorting function works on below mentioned field list -
|
Computer Page |
Endpoint Page |
|
Computer Name |
Tenant Name |
|
Client Name |
Host Name |
|
Tenant Name |
Last Seen |
|
Deployment Status |
Last Data Sync |
|
Last Seen |
Tenant Id |
|
Computer ID |
|
|
Last Data Sync |
|
Alerts - Filter alerts by category and severity, then action the alert, or multiple alerts all at once.
Actions include:
- Acknowledge alerts
- This will clear the alert from Sophos Central
- Cleaning a virus or threat from the affected endpoint(s)
- Cleaning a potentially unwanted application from the affected endpoint(s)
- Authorizing a file previously marked as potentially unwanted to run on selected endpoint(s)
Deployments - Manually deploy to specific endpoints on the fly, or configure Autodeploy settings for Client Locations.
Plugin Logs - Audit Logging to determine if installs and bulk actions were successful, or failed. Self troubleshoot issues that arise.
Installation & Setup
- Start by Downloading the plugin !
- After downloading, right click the .DLL file, select 'Properties, and check the 'UnBlock' box in order for the installation to complete.
- Open the Plugin Manager, using the 'Run as Administrator' option
- This is found by clicking on 'System', expanding 'Solutions', and then clicking on 'Plugin Manager'
- From the Plugin Manager, Click on 'Advanced' at the top right, then 'Manage Plugins' and 'Add Plugin'.
- Browse to the location where you download the Plugin DLL and then select it and click 'Open'.
- Simply Click 'Save and Close' on the Add a Plugin screen.
- You will now see Sophos Central in the Plugin Manager. However, it will be Disabled by Default.
- Right Click on Sophos Central and Click 'Enable'
- Enabling the Plug-in will require a restart of the Database Agent. Click 'Yes'.
- Once Restarted Successfully, you will need to close and re-open the Automate Client.
Configuring the Sophos Central Plugin
- Access the Sophos Central Plugin from Tools, then click on Sophos Central
- You will start on the Settings page. The first step will be to enter your Sophos Central Partner API Credentials.
***This is not your Sophos Central Partner Dashboard login E-mail and Password***
- From a browser, log in to your Sophos Central Partner Dashboard. Go to 'Settings & Policies' and then click on 'API Credentials Management'.
- Click on the 'Add Credential' button on the top right.
- Enter the name and description for your API Credential, and select the Service Principal Super Admin role.
- You now have an API Credential created. Copy the 'Client ID' and then click on 'Show Client Secret'.
***The Show Client Secret is only available to view once for security reasons***
- Now go back to the Sophos Central Plugin and enter your Client ID and Client Secret.
Assigning Client to Sophos Central Tenants
- You will need to match your Automate Client to your Sophos Central Tenants.
- Under the 'Clients' Tab, select an Automate Client and then click on the Assign Tenant button and from the dropdown select the Sophos Central Tenant that matches.
- Prior to version 1.2.0.0 partners had to either upload tokens from a CSV file, or manually set the Customer Token from the CSV file found on the Sophos Central Partner Dashboard - Deployment tab. This was used in for Auto Deployment configurations, however token management was made unnecessary with the 1.2.0.0 release.
Deployment Configuration
Deployment capabilities built directly into the plugin will allow you to
- Configure auto deployment options across multiple locations for Windows and Mac Endpoints & Servers
- Configure the following deployment options
- Automatic (License Based) = All licensed products for the tenant will be selected and deployed automatically
- Intercept X Only = Intercept X
- Intercept X Essentials = Endpoint Protection
- Intercept X Advanced = Endpoint Protection & Intercept X
- Intercept X Advanced with XDR = Endpoint Protection & Intercept X & XDR
- Sophos MDR = Endpoint Protection & Intercept X & MDR
- XDR Only = XDR Sensor (we won't install anti-malware protection)
Troubleshooting & Logging
Installation issues:
Issue: There was an error uploading the new plugin: Could not load file or assembly
file:///C:\Users\*******\AppData\Local\Temp\tmp48DB6.tmp' or one of its dependencies. Operation is not supported.
(Exception from HRESULT: 0x80131515)
Solution: As this plugin is not available from the solution center, but downloaded from the Sophos Community, you may need to unblock the .DLL file by right clicking and navigating to file properties, as shown in the below screenshot. Ensure you are running the latest .NET Framework version.
Authentication Issues
Issue: In some instances of both on-prem and hosted Connectwise post version 2021.1 we are seeing authentication issues due to the inability for the plugin to create the required database tables to store the authentication credentials.
Solution: Please see our wiki article on assigning effective permissions to user classes. If that doesn't work Connectwise provides a work around for on-prem solutions only.
Duplicate Machine Entry Issues
Issue: Duplicate machine entry is observed under the Computers tab
Solution: Please see our wiki article on the observed causes of why a duplicate machine may be observed and how to correct.
General Issues:
The Sophos plugin will keep an audit log of actions attempted and performed on Endpoints, Alerts, and Deployments, as well as application error logs such as failed API requests.
To check Audit logs navigate to 'Plugin Logs' within the Sophos Security Solutions Plugin.
- There will be an option to save these logs to the local Drive in the event support intervention is required.
Also detailed application logs are kept in the following locations.
- Server: %windir%\Temp\ConnectWise Automate Plugins\SophosCentral
- Control Center: %temp%\ConnectWise Automate Plugins\SophosCentral
Help & Support
Support can be provided by opening a Support Case.
- Make sure you select 'Sophos Central'.
- Please explain your issue in detail, and include all logs containing any relevant information such as the referenced error.
- Please don't include your API credentials or any personal information.
Product feedback and feature enhancement requests may be submitted in our Feedback Forum.
- Please open a new discussion topic if your request is not already present
- For already present requests, please vote on the existing topic.
