  • Detections/Investigations API

    kevin robertson
    Hi there, has anyone managed to construct API queries to pull out Detections/Investigations from Sophos XDR at all? We want these to be pushed into our ticketing platform as they are generated (or fetch them every 5 mins etc.) but I can't find any…
    • over 2 years ago
    • Sophos Central API
    • Discussions
  • API import successful - but failed

    LHerzog
    I was importing a firewall rule on a remote XGS and used an XML file for that. While the GUI showed a green message after importing the .tar file, "API import successful", the rule was not created. The apiparser.log shows issues with the XML structure. INFO…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • API SIEM in Qradar

    Sophos User6568
    Hello, I'm using the SIEM API in Qradar and it works when I run the command manually but, when I configure a crontab with the command "*/10 * * * * python3 /root/Sophos-Central-SIEM-Integration-master/siem.py" it is not working. If I run the command…
    • over 2 years ago
    • Sophos Central API
    • Discussions
  • SIEM API in Qradar

    Sophos User6568
    Hello, I'm using the SIEM API in Qradar and it works when I run the command manually but, when I configure a crontab with the command "*/10 * * * * python3 /root/Sophos-Central-SIEM-Integration-master/siem.py" it is not working. If I run the command…
    • over 2 years ago
    • Product Documentation Feedback
    • Feedback
  • Sort Firewall Rule Groups via API Call

    Ben@Network
    Hello Community, Is it possible to specify the order of firewall rule groups with an API call? When I create a new firewall rule, it is sorted at the end of the firewall rules. Then I add the rule to an existing group via API Call and the group is then…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Interacting via write permissions to Sophos Central API

    djdrastic
    Hi, we've used the on-device API before to sync entries such as IP host and FQDN entries to a bunch of our managed firewalls in our domain via some scripts, but have run into a bit of an issue with one firewall. We have a firewall managed via Central…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Sophos XG API DHCPServer does unexpected

    Michael Schneider
    Hello Community, I am working on some PowerShell scripts against the XG API when I came across this strange behaviour I do not understand. I am trying to set up a DHCP server via the API; everything is nicely wrapped in a PowerShell class, that's why…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • API only sending 1000 events per 24 hours

    NicRage
    API only sending 1000 events per 24 hours. Afterwards the API request will say "rate limited error". Tried token and API service principal admin credentials. Support said this is not a supportable issue. Any suggestions?
    • over 2 years ago
    • Sophos Central API
    • Discussions
  • creating WiFi SSID with Central API

    LHerzog
    We'd like to automate creation of Wireless SSID in Sophos Central. So assign name, password, and other settings and apply this SSID to a subset of Central APs. Is there some basic how-to for this task available we can use as a blueprint so we do not…
    • Answered
    • over 2 years ago
    • Sophos Central API
    • Discussions
  • API Bug if VPN PSK or RSA Key contains '+' character

    Ben@Network
    Hello Sophos, Hello Community, I have found a bug in the v19 API. When I create an IPSec connection (VPNIPSecConnection) via API on the firewall, the PresharedKey or the RemoteRSAKey is not correctly entered on the firewall if it contains a '+' character…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Advanced API Help with HTML Requests Firewall Rules

    drex dobson
    I am trying to add and remove Source Destinations and Devices under Source to an existing rule thru HTML. I read many articles, have read the API help, studied the API under GET command, and this should be very simple but all I did was succeed in creating…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • RESTful API STAS Online Users

    Miroslav Ille
    Hello fellow firewall admins, is there any option to get a list of "Online Users" just like you can see in the "Definitions & Users"/"Client Authentication" section of the WebAdmin interface? My point is to get a list of STAS-authenticated users and their IP address…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • API Authentication Failure

    Fabio Marziani
    I am trying to add an IP host as a first step with the API. I am using the following directly in the browser (Chrome & Firefox): serintxgfire:4444/.../APIController APIVersion="1900.1" IPS_CAT_VER="1"><Login> <Username>StudioApiInt</Username><Password passwordform…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Enterprise and connectwise Automate Integration 403 error

    Akidosaint
    I have managed to get the API to no longer disconnect. But reviewing the plug-in logs I'm getting a 403 error, reason: cuts off. Downloaded the log file and I get the following errors 2022-06-21T10:43:50.5813137+01:00 [1.0.0.135] SophosService :…
    • over 2 years ago
    • Sophos Integrations
    • ConnectWise Automate
  • How to send sophos log to Wazuh SIEM?

    vsm sam
    New to Sophos Intercept X. I used this to get event log details in sample.log files: github.com/.../Sophos-Central-SIEM-Integration How can I connect Wazuh SIEM from Sophos? This script gets the log file in the script log folder, so how will syslog connect to…
    • over 2 years ago
    • Sophos Endpoint
    • Discussions
  • Help API automation from hotspot

    Welington Silva de Lima1
    Good morning, dear friends, can you help me with a situation? We are doing a process to automate the creation of a voucher based on the hotspot we created, a series of errors are appearing, can you tell me what it could be? <?xml version="1.0…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Sophos XG(S) API Get commands

    DHeinze
    Hi all, I want to use the Sophos XGS API to get the status of: - services - resources - disconnected REDs - disconnected WLAN APs - ATP - S2S Tunnel - High Availability. I can't find any documentation for the GET commands for the XGS…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Edit rule with API

    Edson Ordaz
    How can I add a device in the list of "Source networks and devices"? I have a Sophos XG 115w with firmware 17.5. Regards!
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Initiate AP Firmware Installation with XG API

    fanil dean
    Hello Guys! We manage about 30 Sophos XG Firewalls which we also have to update for sure. Now with the recent Access Point Firmware Update, which you have to do to keep new APs working, I need to access every firewall and click the install button. Now…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Getting started with powershell API

    Aaron Dalla-Longa
    I have been trying to find a guide or examples on using Invoke-WebRequest in PowerShell to do some simple data gathering. I was unable to find any documentation regarding this. Are there some examples or some documentation on using PowerShell with Sophos…
    • Answered
    • over 2 years ago
    • Sophos Central API
    • Discussions
  • Sophos XG API / Lets Encrypt / PowerShell 7 / WAF Update

    nplm85
    Hopefully this can help others. I'm running the home licensed version and just recently moved to v19. I have a few WAFs that are configured externally; this script is to do the following: renew multiple certificates that are already configured…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • question about dynamic/automatic mac addresses objects

    lior me
    Hi, I have a network that is based on source MAC addresses for access permissions. Is there a way to automate or maybe do something dynamic (API/script/other) to easily add new MACs to the list rather than doing it manually in the GUI each time…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • API Access, Log Exports

    dtconnect
    Hello, can we access log messages in any way by API? I'd like to access at least https://cloud.sophos.com/manage/xgemail/reports/message-history But access to all report data would be very helpful. If there is no API access, can we have these reports…
    • Answered
    • over 2 years ago
    • Sophos Email
    • Discussions
  • Microsoft/Office365/Azure Endpoint objects Sophos XG(S)

    JeremyLeonard
    Microsoft lists all their endpoints and has a service that publishes these. They have an API to get the latest list. I wanted a way I could update objects in my XG/XGS firewalls with these endpoints as objects. This isn't built in by Sophos so I wrote…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Get Encrypted Password for Use in API

    John Bonino
    Adding this documentation on how to generate encrypted passwords for use with the Sophos XG API. The published Sophos documentation is incorrect and lacks some verbosity. https://docs.sophos.com/nsg/sophos-firewall/19.0/Help/en-us/webhelp/onlinehelp…
    • over 2 years ago
    • Sophos Firewall
    • Discussions