Hello everyone, I've been attempting to write a script to add (and also remove if needed) SSL/TLS scanning exclusions in Sophos Central. From what I've gathered, it's the following PATCH request that needs to be sent: Endpoint API | Sophos Central APIs…
Hi everyone,
I'm planning to add some Sophos API functions into an in-house application written in C#. At the moment I'm just working on a scratch app so that I can test code for authenticating, getting a token etc. without affecting live code, but…
I am attempting to create a script to call the Sophos API for a list of admins for auditing purposes. Specifically using this reference: https://developer.sophos.com/docs/common-v1/1/routes/admins/get
I am trying to pull this information using PowerShell…
Hi,
Is it possible to retrieve the alert data from the "Threat Analysis Center - Threat Graphs" dashboard via API?
Using the XDRQuery API, I am able to retrieve the detection data (query "SELECT * FROM xdr_ioc_view WHERE Lower(ioc_detection_type)…
Hello,
We are looking for assistance in retrieving the status of VPN tunnels on a Sophos XGS running version 19. Our goal is to check the status of the VPN tunnels from a Linux machine using the Sophos API. We have already enabled the API on the Sophos…
Hi all,
I was wondering if there's a way to retrieve the date of "Last Agent Update" of Sophos Agent on Computer/Servers via API
We are able to get this info massively from Computers and Servers Report, but I wanted to automate this check without…
Hi All,
I managed to get data from the Sophos Central API key but my PRTG doesn't know what to do with this information.
Did anyone manage to get it working?
Greetings
Felix
I want to use central api connector and I did. When I run the main py program I get invalid --get parameter passed.
I run it from my command line and ..main.py --auth static
Hello Together,
We are integrating Sophos Central to our MDM solution via the API and now have a problem with some of the clients reporting incorrect status via API.
For example I take this client:
If I query it via the Sophos Central API this is…
Hello,
I integrated Sophos with Qradar using the API, it had been working till today as I'm seeing a timed out error.
We didn't make any change in the firewall policies.
[root@invqrdraio bin]# python3 siem.py Config endpoint=/siem/v1/events, filename…
Hi,
I am trying to generate the token using the URL " id.sophos.com/.../token " as a POST method. I got a successful result when requesting it with the POSTMAN tool. But when I request the same using java API it gives me " 400 BAD REQUEST: "{"errorCode…
The script siem.py is very useful to retrieve alerts and actions on Sophos Central, but it is unable to collect data from XDR.
Is it possible to "empower" it to read XDR data? SIEM would have a complete visibility on activities done on the infrastructure…
Hi,
I've put an issue, that may be by design (an awful design), whereby if you pull values via the API, they are all transposed with each two digit pair. For example, if I pull an event and it shows me an endpoint_id of: endpoint_id":"baee7c85-6cd5…
Hi there,
Has anyone managed to construct API queries to pull out Detections/Investigations from Sophos XDR at all? We want these to be pushed into our ticketing platform as they are generated (or fetch them every 5 mins etc.) but I can't find any…
Hello,
I'm using the SIEM API in Qradar and it works when I run the command manually but, when I configure a crontab with the command "*/10 * * * * python3 /root/Sophos-Central-SIEM-Integration-master/siem.py" it is not working.
If I run the command…
API only sending 1000 events per 24 hours.
Afterwards api request will say "rate limited error".
Tried token and api service principal admin credentials.
Support said this is not a supportable issue.
Any suggestions?
We'd like to automate creation of Wireless SSID in Sophos Central.
So assign name, password, and other settings and apply this SSID to a subset of Central APs.
Is there some basic how-to for this task available we can use as blue-print so we do not…
I have been trying to find a guide or examples on using invoke-webrequest in PowerShell to do some simple data gathering. I was unable to find any documentation regarding this. Are there some examples or some documentation on using PowerShell with Sophos…
Hi,
We're writing some reports. The GET function is working fine, but when we make a POST to add a new user to a group we get error 400. Can someone point me in the right direction or tell me what I'm doing wrong, with same script just modified the body part…
Hi,
We're developing some API requests for daily reports that work fine with GET, but when we made some POSTs they didn't work. I can create a user with the same script below, but when I try to put that user into a group I get error 400, if someone have…
Hi,
I did follow the manual with cURL but I couldn't connect to Sophos. I tried with ps and it worked but it didn't bring me any endpoint. Could you point me in the right direction?
Thanks
Anyone else noticing a high number of request timeouts to the APIs in the past 24hrs or so?
My requests currently go to api-us01.central.sophos.com/endpoint/v1/endpoints, getting a timeout on about every other request sent.
[These are not…
Hey all, new to the community... Just started using the APIs and have already hit a snag. Has anyone else run into a 10 character limit in the endpoint API?
specifically: /endpoint/v1/endpoints?hostnameContains=<SOMESTRING>
If I enter a device…
Dear,
I would like to know if anyone has an improved version of the existing Sophos Central API in the XSOAR marketplace (Demisto) in Palo Alto?
Or if they know a way for Sophos to send by mail the result of a Scan and/or the alarms that are seen…
Hello, was wondering if it was possible to isolate individual devices via RESTful API calls and/or if there is already documentation around this.
Thank you,