Hi, I need help. I am making a script in the python programming language to be able to load a list of applications that I want to control (2670 applications, approximately). Resource: api-{dataRegion}.central.sophos.com/.../settings I have two problems…

I am trying to move an endpoint from one group to another using the API. I have it all setup, I think, but when I do send the request I get an error from curl that it can't open the json I am sending. According to the API docs, this curl --request POST…

Hello everyone, I've been attempting to write a script to add (and also remove if needed) SSL/TLS scanning exclusions in Sophos Central. From what i've gathered, it's the following PATCH request that needs to be sent: Endpoint API | Sophos Central APIs…

I am attempting to create a script to call the Sophos API for a list of admins for auditing purposes. Specifically using this reference: https://developer.sophos.com/docs/common-v1/1/routes/admins/get I am trying to pull this information using Powershell…

I have the problem that when I query Sophos Central Partner API (Powershell) across all customer tenants and firewalls, I don't get all the results returned. It is not always the same tenants that are missing from the results, but different ones. However…

Hi, Is it possible to retrieve the alert data from the "Threat Analysis Center - Threat Graphs" dashboard via API? Using the XDRQuery API, I am able to retrieve the detection data (query "SELECT * FROM xdr_ioc_view WHERE Lower(ioc_detection_type)…

Hi All, i manged to get data from the Sophos Central API key but my PRTG doenst know what to do with this information. did anyone manged to get is working? Greetings Felix

Hi Team, We are trying to integrate Sophos Central logs with Qradar SIEM as guided in below mentioned link https://support.sophos.com/support/s/article/KB-000036372?language=en_US&name=KB-000036372 We are using windows server. We have updated all…

Hi, I am trying to generate the token using the URL " id.sophos.com/.../token " as a POST method. I got a successful result when requesting it with the POSTMAN tool. But when I request the same using java API it gives me " 400 BAD REQUEST: "{"errorCode…

Hi, I have managed to integrate and configure the firewall in Sophos Central. I would like to know how can I fetch firewall logs using postman. My main goal is to integrate this feature into a SIEM application. Regards, Balaji

Hi, I was wondering whether it is possible to fetch audit logs from Sophos central. I managed to bring event logs from Sophos Central using Postman but would also like to get audit logs as well. I would also like to know what other logs we can fetch from…

Does Sophos provide any validity management for its API credentials, after its 36 months expiry? If possible, how can we handle this situation with a SIEM application?

API only sending 1000 events per 24 hours. Afterwards api request will say "rate limited error". Tried token and api service principal admin credentials. Support said this is not a supportable issue. Any suggestions?

I AM USING Sophos Endpoint to get all machines from all tenants and i am getting the results ie 8K plus .I tried verifying the data using sophos central dashboard but it differs .Around 1k difference is there .I want to know why the mismatch happens

I have been trying to find a guide or examples on using invoke-webrequest in powershell to do some simple data gathering. I was unable to find any documentation regarding this. Is there some examples or some documentation on using powershell with sophos…

Hi, We're writing some reports the GET function is working fine, but when we make POST to add new user to group we get error 400, can someone point me at right direction or tell me what i'm doing wrong, with same script just modified the body part…

Hi, We're developing some api request to daily reports that work fine with GET, but when we made some POST they didnt work, i can create user with the same script below, but when i try to put that user into a group i get error 400, if someone have…

Hi, I did follow the manual with cURL but i couldnt connect to sophos, i try with ps and worked but it didnt bring me any endpoint, could you point me in the right direction. Thanks

Hello, Between this: https://developer.sophos.com/docs/endpoint-v1/1/routes/downloads/get and this: https://developer.sophos.com/getting-started I got as far as trying to submit a 'curl' command to get the downloadURL value for a given tenant. I…

Dear, I would like to know if anyone has an improved version of the existing sophos Central Api in the Xsoar marketplace (demisto) in palo alto? or if they know a way for sophos to send by mail the result of a Scan and/or the alarms that are seen…

Hello, I am trying to raise a request to get Sophos to develop a feature, where the API can also give you the information "last active" from the API response. At the moment, the API only gives the information "last seen", which isn't as up to date as…

I've made a request to IBM for official integration between Sophos Central and IBM QRadar SIEM. If you have an interest in this please vote for the request at https://ibmsecurity.ideas.ibm.com/ . Idea: QDSM-I-1640.

TL;DR I'm trying to query the list of tenants using the Partner API in Azure Data Factory (ADF). The pagination functionality within ADF relies on there being some sort of reference to the next page in the response to the current page, which isn't the…

Hi, at some point today (it worked around 9am today UTC) I stopped being able to query your endpoint in subject. I am able to query woami/v1 to retrieve ID. The response I've just got: "error": "Internal Server Error", "correlationId": "74629146…

Hi, I have a question about the Partner API GET tenants method described here https://developer.sophos.com/docs/partner-v1/1/routes/tenants/get Starting from januari 10th this year, the billingType attribute always returns null. GET https://api…