Sophos integration

If you’re new to integrations in Rewst, read through our introductory integration documentation here.

What does the Sophos integration do?

Integrating Rewst with Sophos brings robust cybersecurity capabilities to your Rewst workflows, enhancing data protection and threat management. Leverage Sophos' advanced security solutions to strengthen defense against cyber threats. Features include malware detection, ransomware protection, network security, and endpoint protection.

Why use the Sophos integration?

Account and Data Consistency Management
  • Ensure consistent and standardized data across platforms by automating the setup of customer accounts.

    • Automatically synchronize client names between Rewst and Sophos, eliminating the need for manual adjustments or TenantName overrides.

    • Streamline the initial stand-up of customer accounts, verifying data consistency and adherence to established standards.

    • Efficiently create customers, users, and other necessary entities within Sophos, ensuring a seamless onboarding process.

Alert Management and Security Compliance
  • Build workflows to effectively handle alerts and ensure security compliance measures are in place.

    • Enable proactive alerting when tamper protection is disabled, ensuring prompt action and maintaining security standards.

Policy and Resource Management
  • Streamline policy and resource management within Sophos, ensuring consistency and efficiency.

    • Create, read, update, delete, reset, and clone policies and their settings.

    • Manage endpoint groups and their members, including the ability to assign or unassign endpoints and servers.

    • Assign and update policies for specific user groups, endpoints, and endpoint groups efficiently.

    • Retrieve protection statuses per device, providing valuable insights into the security posture of individual assets.

Set up the Sophos integration

Sophos requires that a user be a Super Admin to manage and add API credentials.

Sophos credentials expire 36 months from the date of creation. We suggest setting a reminder to update the credential at the time of expiration.

Set up steps in Sophos

  1. Log in to your Sophos account.

  2. Navigate to My Products > General Settings > API Credentials Management.

  3. Click Add Credential.

  4. Provide a name and description for the credential to identify and distinguish it from others. We recommend Rewst API.

  5. Choose the role that will be assigned to this credential. The available roles to choose from can be viewed here.

  6. Click Add.

  7. Copy the values for the Client ID and Client Secret. Save both of these somewhere secure. You'll need them for further steps in Rewst. Once you navigate away from this page, you won't be able to see the information again.

Set up steps in Rewst

  1. Navigate to Configuration > Integrations in the left side menu of your Rewst platform.

  2. Search for Sophos in the integrations page.

  3. Click on the integration tile to launch the configuration setup page.

  4. Under Parameters, enter the information copied from Sophos into the relevant fields:

    1. Client ID

    2. Client Secret

  5. Click Save Configuration.

  6. Rewst will do a quick validation of your input. Once completed, you'll see a new section beneath the configuration form for organization mapping. Complete your mapping as desired.

Actions and endpoints

For more on how actions work in Rewst, check out our introductory actions documentation here.

Sophos' own API documentation can be found here.

| Category | Action | Description |
| --- | --- | --- |
| Alerts | List Alerts | List alerts matching specified criteria |
| Alerts | Get Alert | Get details of a specific alert |
| Alerts | Take Action On Alert | Take an action on a specific alert |
| Allowed Items | List Exemptions | Get all allowed items from settings |
| Allowed Items | Create Exemption | Exempt an item from conviction |
| Allowed Items | Get Exemption | Get an exemption by ID |
| Allowed Items | Update Exemption | Update an exemption |
| Allowed Items | Delete Exemption | Deletes the specified exemption |
| Blocked Items | List Quarantined Items | Get all blocked items |
| Blocked Items | Add Item To Quarantine | Block an item from exoneration |
| Blocked Items | Get Quarantined Item | Get a blocked item by ID |
| Blocked Items | Delete From Quarantine | Deletes the specified blocked item |
| Directory Management | List Users | List users in the directory |
| Directory Management | Create User | Add a new user to the directory |
| Directory Management | Get User | Get a user by ID |
| Directory Management | Delete User | Delete a user by ID |
| Directory Management | Update User | Update an existing user |
| Directory Management | List User Groups | List user groups in the directory |
| Directory Management | Create User Group | Add a new group to the directory |
| Directory Management | Get User Group | Get a user group by ID |
| Directory Management | Delete User Group | Deletes the specified user group. Group must be empty. |
| Directory Management | Update User Group | Update a user group |
| Directory Management | Get User Group Membership | List groups that a user belongs to |
| Directory Management | Add User To Group(s) | Add a user to multiple groups |
| Directory Management | Remove User From Group(s) | Remove a user from multiple groups |
| Directory Management | List Users In Group | List users in the specified group |
| Directory Management | Add User(s) To Group | Add multiple users to the specified group |
| Directory Management | Remove User(s) From Group | Remove multiple users from a group |
| Downloads | List Endpoint Installer Links | Get all the endpoint installer links for a tenant |
| Endpoint Groups Management | List Endpoint Groups | Endpoint groups in the directory |
| Endpoint Groups Management | Create Endpoint Group | Add new endpoint group to the directory |
| Endpoint Groups Management | List Endpoint Groups By Type | Endpoint groups of your specified type in the directory |
| Endpoint Groups Management | Get Endpoint Group | Get endpoint group by ID |
| Endpoint Groups Management | Delete Endpoint Group | Delete endpoint group |
| Endpoint Groups Management | Update Group | Update endpoint group |
| Endpoint Groups Management | List Endpoints in Group | Endpoints in your specified group |
| Endpoint Groups Management | Add Endpoint(s) to Group | Add endpoints to your group |
| Endpoint Groups Management | Remove From Group | Remove endpoints from a group |
| Endpoint Groups Management | Remove From Group | Remove endpoint from a group |
| Endpoint Isolation | Configure Endpoint(s) Isolation Settings | Turn on or off endpoint isolation for multiple endpoints |
| Endpoint Isolation | Get Endpoint's Isolation Settings | Get isolation settings for an endpoint |
| Endpoint Isolation | Update Endpoint's Isolation Settings | Update isolation settings for an endpoint |
| Endpoints | List Endpoints | Get all the endpoints for the specified tenant |
| Endpoints | Get Endpoint | Get an endpoint based on ID |
| Endpoints | Delete Endpoint | Deletes a specified endpoint |
| Event Journal | List Event Journal Settings | Get all event journal settings |
| Event Journal | Update Event Journal Settings | Update settings for event journal size and disk space limits. If you specify both a maximum disk space and a maximum journal size, the lower of these limits is used. |
| Exploit Mitigation | List Detected Exploits | Get detected exploits and the number of each detected exploit |
| Exploit Mitigation | Get Detected Exploit | Get a detected exploit by ID |
| Exploit Mitigation | List Exploit Mitigation Categories | Lists all the Exploit Mitigation categories |
| Exploit Mitigation | List Exploit Mitigation Applications | Get Exploit Mitigation settings for all protected applications |
| Exploit Mitigation | Add Application To Exploit Mitigation Exclusions | Exclude a set of file paths from Exploit Mitigation |
| Exploit Mitigation | Get Application's Exploit Mitigation Settings | Get Exploit Mitigation settings for an application |
| Exploit Mitigation | Update Application Exploit Mitigation Settings | Update Exploit Mitigation settings for an application |
| Exploit Mitigation | Remove Exploit Mitigation Application | Deletes a custom (user-defined) Exploit Mitigation application by ID. Note you can only delete custom applications. A request to delete a system-detected application fails with a 409 Conflict message. |
| Firewall Groups | List Firewall Groups | Retrieve firewall groups for a tenant |
| Firewall Groups | Create Firewall Group | Create firewall group |
| Firewall Groups | Update Group | Change the firewall group name. You can also assign firewalls to the group or remove firewalls from a group. |
| Firewall Groups | Delete Firewall Group | Delete firewall group using its ID |
| Firewall Groups | List Firewall Group Sync Status | Synchronization status for the firewalls in a group |
| Firewalls | List Firewalls | List of firewalls |
| Firewalls | Update Firewall | Update firewalls with supplied values |
| Firewalls | Delete Firewall | Delete firewall using its ID |
| Firewalls | Run Firewall Action | Action you want to do to a firewall |
| Firewalls | Check Firmware | Check firmware for firewalls |
| Firewalls | Upgrade Firewall | Upgrade firewalls |
| Firewalls | Cancel Scheduled Firewall Upgrade | Cancel scheduled upgrade for a firewall |
| Generic Request | Sophos API Request | Generic action for making authenticated requests against the Sophos API |
| Global Tamper Protection | Check Global Tamper Protection Setting | Check whether Tamper Protection is turned on globally |
| Intrusion Prevention | List Intrusion Prevention Exclusions | Get all Intrusion Prevention exclusions |
| Intrusion Prevention | Add Intrusion Prevention Exclusion | Add a new Intrusion Prevention exclusion |
| Intrusion Prevention | Get Intrusion Prevention Exclusion | Get an Intrusion Prevention exclusion by ID |
| Intrusion Prevention | Remove Intrusion Prevention Exclusion | Delete an Intrusion Prevention exclusion by ID |
| Intrusion Prevention | Update Intrusion Prevention Exclusion | Update an Intrusion Prevention exclusion by ID |
| Isolation Exclusions | List Isolation Exclusions | Get all isolation exclusions |
| Isolation Exclusions | Create Isolation Exclusion | Adds a new Isolation exclusion |
| Isolation Exclusions | Get Isolation Exclusion | Get a single Isolation exclusion by ID |
| Isolation Exclusions | Delete Isolation Exclusion | Deletes an Isolation exclusion |
| Isolation Exclusions | Update Isolation Exclusion | Updates an Isolation exclusion by ID |
| Migrations | List Migrations | Gets all migration jobs for the tenant |
| Migrations | Start Recieving Migration Job | Start a migration job in the receiving tenant |
| Migrations | Get Migration Job | Get a single migration job |
| Migrations | Start Starting Migration Job | Start a migration job in the sending tenant |
| Migrations | List Migration Endpoint Statuses | Gets the status of endpoints that are being migrated |
| Packages | List Recommended Packages | Get all Sophos Recommended packages for the tenant |
| Packages | List Static Packages | Get all static packages available for the tenant |
| Packages | Get Static Package | Get an individual static package |
| Packages | Add Special Package | Add a special package by token, supplied by Sophos support. This is a one-way operation. |
| Packages | List Static Package Comments | Get all software comments |
| Packages | Get Static Package Comment | Get the static package comment |
| Packages | Update Static Package Comment | Add/Update the static package comment |
| Packages | Delete Static Package Comment | Delete the static package comment |
| Partner Admins | List Partner Admins | List all partner admins |
| Partner Admins | Create Partner Admin | Create a new partner administrator |
| Partner Admins | Get Partner Admin | Get partner administrator details by ID |
| Partner Admins | Get Partner Admin's Role Assignments | Get the list of role assignments for given partner admin |
| Partner Admins | Assign A Partner Admin Role | Assign a role to a partner administrator |
| Partner Admins | Get Partner Admin Role Assignment | Get partner administrator role assignment by ID |
| Partner Admins | Remove A Partner Admin Role Assignment | Remove role assignment from a partner admin |
| Partner Billing | List Partner Usage Report | Gets a partner usage report for a particular month and year |
| Partner Role Management | List Partner Roles | List all partner roles |
| Partner Role Management | Create Partner Role | Create a new partner role |
| Partner Role Management | Get Partner Role | Get partner role by ID |
| Partner Role Management | Delete Partner Role | Delete a partner role by ID |
| Partner Role Management | Update Partner Role | Update an existing partner role |
| Partner Role Management | Get Partner Role Permission Sets | Get permission set details for a Partner Role |
| Peripheral Control | List Peripherals | Get all the peripherals |
| Peripheral Control | Get Peripheral | Get a peripheral by ID |
| Policy Management | List Policies | List the policies of a tenant |
| Policy Management | Create Policy | Create a new policy |
| Policy Management | Get Policy Setting Metadata | Gets a list of metadata for the policy settings |
| Policy Management | Get Policy | Gets a policy's details |
| Policy Management | Update Policy | Update policy. Note you can only change the settings for a base policy. |
| Policy Management | Delete Policy | Deletes a policy |
| Policy Management | List Policy Settings | Gets a list of policy settings |
| Policy Management | Update Policy Settings | Updates a policy's settings |
| Policy Management | Reset All Settings for a Policy | Reset policy settings |
| Policy Management | Get Policy Setting Value | Get the value of a setting key in a policy |
| Policy Management | Reset Single Policy Setting | Reset a setting to its default value |
| Policy Management | Clone Policy | Clone a policy |
| Policy Management | Get Base Policy | Get base policy for a policy type |
| Policy Management | Update Base Policy | Update base policy. Note that only settings can be changed. |
| Policy Management | Get Base Policy Settings | Get settings of the base policy for a policy type |
| Policy Management | Update Base Policy Settings | Update settings in the base policy for a policy type |
| Policy Management | Reset Base Policy Settings | Reset the settings in a base policy |
| Policy Management | Get Base Policy Setting | Get the value of a setting in the base policy for a policy type |
| Policy Management | Update Base Policy Setting | Update a setting in the base policy |
| Policy Management | Reset Setting in Base Policy | Reset a setting in the base policy to its default value |
| Policy Management | Clone Base Policy | Clone a new policy from the base policy for a policy type |
| Scanning Exclusions | List Scanning Exclusions | List scanning exclusions |
| Scanning Exclusions | Add Scanning Exclusion | Add a new scanning exclusion |
| Scanning Exclusions | Get Scanning Exclusion | Get a scanning exclusion by ID |
| Scanning Exclusions | Update Scanning Exclusion | Update a scanning exclusion by ID |
| Scanning Exclusions | Delete Scanning Exclusion | Deletes a scanning exclusion |
| Scans | Scan Endpoint | Sends a request to the specified endpoint to perform or configure a scan |
| Tamper Protection | Get Endpoint's Tamper Protection Settings | Get Tamper Protection settings for a specified endpoint |
| Tamper Protection | Update Endpoint Tamper Protection Settings | Turns Tamper Protection on or off on an endpoint, or generates a new Tamper Protection password. Note that Tamper Protection can be turned on for an endpoint only if it has also been turned on globally. |
| Tenant Access | List Tenant Admins | List all tenant admins |
| Tenant Access | Create Tenant Admin | Create a tenant admin from a directory user |
| Tenant Access | Get Tenant Admin | Get admin details by ID |
| Tenant Access | Delete Tenant Admin | Remove an admin by ID |
| Tenant Access | List All Roles For Admin | Get the list of role assignments for given admin |
| Tenant Access | Assign a Role To a Tenant Admin | Assign a role of principal type "user" to a tenant admin. Any existing assignment is overridden. |
| Tenant Access | Get Specific Tenant Admin's Role Information | Get tenant admin role assignment information by ID |
| Tenant Access | Remove Tenant Admin Role Assignment | Remove role assignment from an admin account |
| Tenant Role Management | List Tenant Roles | List all roles in the tenant |
| Tenant Role Management | Create Tenant Role | Create a new tenant role |
| Tenant Role Management | Get Tenant Role | Get Tenant Role by ID |
| Tenant Role Management | Delete Tenant Role | Delete a tenant role by ID |
| Tenant Role Management | Update Tenant Role | Update an existing tenant role |
| Tenant Role Management | List Tenant Role Permission Sets | Get permission set details for roles |
| Tenants | Create Tenant | Create a new tenant |
| Tenants | List Tenants | List all the tenants for a partner |
| Tenants | Get Tenant | Get a tenant by ID |
| Update Checks | Request Endpoint Update Check | Sends a request to the endpoint to check for Sophos management agent software updates |
| Web Control | List Local Sites | Get all sites for the tenant |
| Web Control | Add Local Site Exclusion | Adds a new local site to your exclusions |
| Web Control | Get Local Site | Get a local site by ID |
| Web Control | Update Local Site | Update a local site definition |
| Web Control | Delete Local Site | Deletes the specified local site |
| Web Control | List Web Categories | Get all Web Control categories |
| Web Control | List SSL/TLS Settings | Get settings for SSL/TLS decryption of HTTPS websites |
| Web Control | Update SSL/TLS Settings | Update settings for SSL/TLS decryption of HTTPS websites |
| Web Control | List SSL/TLS Excluded Sites | List of websites excluded from SSL/TLS decryption |
| Web Control | Update SSL/TLS Exclusions | Add and remove websites excluded from SSL/TLS decryption |
| Web Control | Clear SSL/TLS Website Exclusions | Clears the list of websites excluded from SSL/TLS decryption |
