Sophos integration setup
Integrating Rewst with Sophos brings robust cybersecurity capabilities to your Rewst workflows, enhancing data protection and threat management. With the integration, Rewst users can leverage Sophos' advanced security solutions to strengthen their defense against cyber threats. This includes features such as malware detection, ransomware protection, network security, and endpoint protection. By integrating Sophos into Rewst, users can enhance their security posture, mitigate risks, and safeguard sensitive data. The integration empowers users to proactively manage their cybersecurity within the Rewst platform, ensuring a secure environment for their operations and protecting against evolving threats.
To set up the Sophos Integration, you'll need to do the following:
Navigate to the Global Settings of Sophos and locate the API Credentials Management section.
Click on the "Add Credential" button to initiate the process of adding a new credential.
Provide a name and description for the credential to identify and distinguish it from others.
Choose the role that will be assigned to this credential. The available roles to choose from can be viewed .
Navigate to the integrations page in Rewst.
Click on the Sophos integration.
Fill out the integration form.
Submit the form.
We'll run a quick test to ensure that the credentials are valid and that we can successfully connect to the Sophos API.
List alerts matching specified criteria
GET /common/v1/alerts
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Group Key
String (?)
Alert group key. You can filter by group key
From
String (?)
You can find alerts that were raised on or after this time
To
String (?)
You can find alerts that were raised before this time
Sort
Array
Defines how to sort the data
Product
Array
Alerts for a product. You can query by product types
Category
Array
Alert category. You can query by different categories
Severity
Array
Alerts for a specific severity level. You can query by severity levels
Alerts
String (?)
List of IDs
Fields
String (?)
The fields to return in a partial response
Get details of a specific alert
GET /common/v1/alerts/{alertId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Alert*
Sophos Alert
None Provided
Take an action on a specific alert
POST /common/v1/alerts/{alertId}/actions
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Alert*
Sophos Alert
None Provided
Action*
String (?)
Actions that you can perform on these alerts
Message
String (?)
Message to send for the action
Get all allowed items from settings
GET /endpoint/v1/settings/allowed-items
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Exempt an item from conviction
POST /endpoint/v1/settings/allowed-items
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Type*
String (?)
Property by which an item is allowed
Comment*
String (?)
Comment indicating why the item should be allowed
Origin Person*
String (?)
Person associated with the endpoint where the item to be allowed was last seen
Origin Endpoint
String (?)
Endpoint where the item to be allowed was last seen
Get an exemption by ID
GET /endpoint/v1/settings/allowed-items/{allowedItemId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Blocked Item*
Sophos Blocked Item
None Provided
Update an exemption
PATCH /endpoint/v1/settings/allowed-items/{allowedItemId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Blocked Item*
Sophos Blocked Item
None Provided
Comment*
String (?)
Comment indicating why the item should be allowed
Deletes the specified exemption
DELETE /endpoint/v1/settings/allowed-items/{allowedItemId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Blocked Item*
Sophos Blocked Item
None Provided
File Name*
String (?)
File name
Path*
String (?)
Path for the application
Sha256*
String (?)
Sha256 value for the application
Certificate Signer*
String (?)
Value saved for the certificateSigner
Get all blocked items
GET /endpoint/v1/settings/blocked-items
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Block an item from exoneration
POST /endpoint/v1/settings/blocked-items
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Type*
String (?)
Property by which an item is blocked
Comment*
String (?)
Comment indicating why the item should be allowed
Get a blocked item by ID
GET /endpoint/v1/settings/blocked-items/{blockedItemId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Blocked Item*
Sophos Blocked Item
None Provided
Deletes the specified blocked item
DELETE /endpoint/v1/settings/blocked-items/{blockedItemId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Blocked Item*
Sophos Blocked Item
None Provided
File Name*
String (?)
File name
Path*
String (?)
Path for the application
Sha256*
String (?)
Sha256 value for the application
Certificate Signer*
String (?)
Value saved for the certificateSigner
List users in the directory
GET /common/v1/directory/users
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Sort
Array
Defines how to sort the data
Fields
String (?)
The fields to return in a partial response
IDs
String (?)
List of item IDs to match
Search
String (?)
Search for items that match the given terms
Search Fields
Array
Search only within the specified fields, username field is default if search query is specified
Source Type
String
Source directory type
User Group
Sophos User Group
None Provided
Domain
String (?)
List the items that match the given domain
Add a new user to the directory
POST /common/v1/directory/users
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Fields
String (?)
The fields to return in a partial response
Name
String (?)
User's full name
First Name
String (?)
None Provided
Last Name
String (?)
None Provided
String (?)
User's email address
Exchange Login
String (?)
User's Exchange login
User Group
Array
Groups that the user should be added to
Get a user by ID
GET /common/v1/directory/users/{userId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
User*
Sophos User
None Provided
Fields
String (?)
The fields to return in a partial response
Delete a user by ID
DELETE /common/v1/directory/users/{userId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
User*
Sophos User
None Provided
Update an existing user
PATCH /common/v1/directory/users/{userId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
User*
Sophos User
None Provided
Fields
String (?)
The fields to return in a partial response
Name
String (?)
User's full name
First Name
String (?)
None Provided
Last Name
String (?)
None Provided
String (?)
User's email address
Exchange Login
String (?)
User's Exchange login
List user groups in the directory
GET /common/v1/directory/user-groups
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Sort
Array
Defines how to sort the data
Fields
String (?)
The fields to return in a partial response
IDs
String (?)
List of item IDs to match
Search
String (?)
Search for items that match the given terms
Search Fields
Array
Search only within the specified fields, username field is default if search query is specified
Source Type
String
Source directory type
User
Sophos User
None Provided
Domain
String (?)
List the items that match the given domain
Add a new group to the directory
POST /common/v1/directory/user-groups
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Fields
String (?)
The fields to return in a partial response
Name
String (?)
Group name
Description
String (?)
Group description
Users
Array
Users in the group
Get a user group by ID
GET /common/v1/directory/user-groups/{groupId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
User Group*
Sophos User Group
None Provided
Fields
String (?)
The fields to return in a partial response
Deletes the specified user group. The group must be empty.
DELETE /common/v1/directory/user-groups/{groupId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
User Group*
Sophos User Group
None Provided
Update a user group
PATCH /common/v1/directory/user-groups/{groupId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
User Group*
Sophos User Group
None Provided
Fields
String (?)
The fields to return in a partial response
Name
String (?)
New group name
Description
String (?)
Group description
List groups that a user belongs to
GET /common/v1/directory/users/{userId}/groups
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
User*
Sophos User
None Provided
Sort
Array
Defines how to sort the data
Fields
String (?)
The fields to return in a partial response
Search
String (?)
Search for items that match the given terms
Search Fields
Array
Search only within the specified fields, username field is default if search query is specified
Source Type
String
Source directory type
Domain
String (?)
List the items that match the given domain
Add a user to multiple groups
POST /common/v1/directory/users/{userId}/groups
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
User*
Sophos User
None Provided
IDs
String (?)
List of group IDs
Remove a user from multiple groups
DELETE /common/v1/directory/users/{userId}/groups
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
User*
Sophos User
None Provided
User Groups
String (?)
List of group IDs
List users in the specified group
GET /common/v1/directory/user-groups/{groupId}/users
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
User Group*
Sophos User Group
None Provided
Sort
Array
Defines how to sort the data
Fields
String (?)
The fields to return in a partial response
Search
String (?)
Search for items that match the given terms
Search Fields
Array
Search only within the specified fields, username field is default if search query is specified
Source Type
String
Source directory type
Domain
String (?)
List the items that match the given domain
Add multiple users to the specified group
POST /common/v1/directory/user-groups/{groupId}/users
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
User Group*
Sophos User Group
None Provided
Users
String (?)
List of user IDs
Remove multiple users from a group
DELETE /common/v1/directory/user-groups/{groupId}/users
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
User Group*
Sophos User Group
None Provided
Users
String (?)
List of user IDs
Get all the endpoint installer links for a tenant
GET /endpoint/v1/downloads
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Requested Products
Array
Products to include in the installers. All values are given if you don't use filters
Platforms
Array
Specify which platforms to include. All values are given if you don't use filters
Endpoint groups in the directory
GET /endpoint/v1/endpoint-groups
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Group Type
String
Endpoint group type
Sort
Array
Defines how to sort the data
Fields
String (?)
The fields to return in a partial response
Endpoint Groups
String (?)
IDs to match
Search
String (?)
Search for items that match the given terms
Search Fields
Array
Search only within the specified fields, username field is default if search query is specified
Endpoints
Array
Endpoints UUIDs
Add a new endpoint group to the directory
POST /endpoint/v1/endpoint-groups
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Fields
String (?)
The fields to return in a partial response
Name*
String (?)
Group name
Description
String (?)
Group description
Type*
String (?)
Endpoint group types
Endpoints
Array
Endpoints UUIDs
Endpoint groups of your specified type in the directory
GET /endpoint/v1/endpoint-groups/types/{groupType}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Group Type*
String
Endpoint group type
Sort
Array
Defines how to sort the data
Fields
String (?)
The fields to return in a partial response
IDs
String (?)
IDs to match
Search
String (?)
Search for items that match the given terms
Search Fields
Array
Search only within the specified fields, username field is default if search query is specified
Endpoints
Array
Endpoints UUIDs
Get endpoint group by ID
GET /endpoint/v1/endpoint-groups/{groupId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Endpoint Groups*
Sophos Endpoint Group
None Provided
Fields
String (?)
The fields to return in a partial response
Delete endpoint group
DELETE /endpoint/v1/endpoint-groups/{groupId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Endpoint Groups*
Sophos Endpoint Group
None Provided
Update endpoint group
PATCH /endpoint/v1/endpoint-groups/{groupId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Endpoint Groups*
Sophos Endpoint Group
None Provided
Fields
String (?)
The fields to return in a partial response
Name
String (?)
New group name
Description
String (?)
Group description
Endpoints in your specified group
GET /endpoint/v1/endpoint-groups/{groupId}/endpoints
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Endpoint Groups*
Sophos Endpoint Group
None Provided
Sort
Array
Defines how to sort the data
Fields
String (?)
The fields to return in a partial response
Search
String (?)
Search for items that match the given terms
Search Fields
Array
Search only within the specified fields, username field is default if search query is specified
Add endpoints to your group
POST /endpoint-groups/{groupId}/endpoints
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Endpoint Groups*
Sophos Endpoint Group
None Provided
Endpoints
String (?)
List of endpoint IDs
Remove endpoints from a group
DELETE /endpoint-groups/{groupId}/endpoints
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Endpoint Groups*
Sophos Endpoint Group
None Provided
IDs
String (?)
Endpoint IDs
Remove endpoint from a group
DELETE /endpoint-groups/{groupId}/endpoints/{endpointId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Endpoint Groups*
Sophos Endpoint Group
None Provided
Endpoint*
Sophos Endpoint
None Provided
Turn on or off endpoint isolation for multiple endpoints
POST /endpoint/v1/endpoints/isolation
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Enabled
String (?)
Whether Tamper Protection should be turned on for the endpoint
Comment*
String (?)
Comment indicating why the item should be allowed
IDs
String (?)
List of endpoints IDs
Get isolation settings for an endpoint
GET /endpoint/v1/endpoints/{endpointId}/isolation
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Endpoint*
Sophos Endpoint
None Provided
Update isolation settings for an endpoint
PATCH /endpoint/v1/endpoints/{endpointId}/isolation
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Endpoint*
Sophos Endpoint
None Provided
Enabled
String (?)
Whether Tamper Protection should be turned on for the endpoint
Comment*
String (?)
Comment indicating why the item should be allowed
Get all the endpoints for the specified tenant
GET /endpoint/v1/endpoints
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Sort
Array
Defines how to sort the data
Health Status
Array
Find endpoints by health status
Type
String (?)
Find endpoints by type
Tamper Protection Enabled
String (?)
Find endpoints by whether Tamper Protection is turned on
Lockdown Status
Array
Find endpoints by lockdown status
Last Seen Before
String (?)
Find endpoints that were last seen before the given date and time (UTC) or a duration relative to the current date and time (exclusive).
Last Seen After
String (?)
Find endpoints that were last seen after the given date and time (UTC) or a duration relative to the current date and time (inclusive).
IDs
String (?)
Find endpoints with the specified IDs
Isolation Status
String
Find endpoints by isolation status
Hostname Contains
String (?)
Find endpoints where the hostname contains the given string. Only the first 10 characters of the given string are matched.
Associated Person Contains
String (?)
Find endpoints where the name of the person associated with the endpoint contains the given string. Only the first 10 characters of the given string are matched.
Group Name Contains
String (?)
Find endpoints where the name of the group the endpoint is in contains the given string. Only the first 10 characters of the given string are matched.
Search
String (?)
Search for items that match the given terms
Search Fields
Array
Search only within the specified fields, username field is default if search query is specified
IP Addresses
Array
Find endpoints by IP addresses
Cloud
Array
Find endpoints that are cloud instances. You must use URL encoding
Fields
String (?)
The fields to return in a partial response
View
String
Type of view to be returned in response
Assigned To Group
String (?)
Whether endpoint is assigned to a group
Endpoint Groups
Array
Groups that the endpoint should be added to
MAC Addresses
Array
Find endpoints by MAC addresses. Can be in EUI-48 or EUI-64 format, case insensitive, colon, hyphen or dot separated, or with no separator, e.g. 01:23:45:67:89:AB, 01-23-45-67-89-ab, 0123.4567.89ab, 0123456789ab, 01:23:45:67:89:ab:cd:ef.
Get an endpoint based on ID
GET /endpoint/v1/endpoints/{endpointId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Endpoint*
Sophos Endpoint
None Provided
Fields
String (?)
The fields to return in a partial response
View
String
Type of view to be returned in response
Deletes a specified endpoint
DELETE /endpoint/v1/endpoints/{endpointId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Endpoint*
Sophos Endpoint
None Provided
Get all event journal settings
GET /endpoint/v1/settings/event-journal/{endpointType}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Endpoint Type*
String
Endpoint type
Update settings for event journal size and disk space limits. If you specify both a maximum disk space and a maximum journal size, the lower of these limits is used.
PATCH /endpoint/v1/settings/event-journal/{endpointType}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Endpoint Type*
String
Endpoint type
Use Recommended
String (?)
Shows if the recommended setting is required
Disk Space Limit In Mb
String (?)
Maximum size of the event journal (MB)
Disk Space Limit As Percentage
String
Disk space limit for the event journal (percentage). The value 0 will mean Disk space limit is not specified.
Get events with timestamps within the last 24 hours
GET /siem/v1/events
X-Tenant-ID
Sophos Tenant
None Provided
limit
String (?)
The maximum number of items to return, default is 200, max is 1000
cursor
String (?)
Identifier for the next item in the list; this value is available in the response as next_cursor. Response will default to last 24 hours if cursor is not within last 24 hours.
from_date
String (?)
The starting date from which alerts will be retrieved, defined as a Unix timestamp in UTC. Ignored if cursor is set. Must be within last 24 hours.
exclude_types
String (?)
String listing the types of events to be excluded
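A polling helper for GET /siem/v1/events that enforces the parameter rules listed above and flags a saved cursor older than 24 hours, since such a cursor falls back to the last 24 hours and can hide a gap in collected events. This is an added example, not code from Rewst or Sophos; the `fetch_page` callable, the `state` dictionary, the response keys `items` and `has_more`, and the comma-separated form of `exclude_types` are assumptions.

```python
import time

DEFAULT_LIMIT = 200             # page: "default is 200"
MAX_LIMIT = 1000                # page: "max is 1000"
WINDOW_SECONDS = 24 * 60 * 60   # page: cursor and from_date must be within the last 24 hours


def build_event_params(limit=DEFAULT_LIMIT, cursor=None, from_date=None,
                       exclude_types=None, now=None):
    """Build the query parameters for one request, applying the documented rules."""
    now = int(time.time() if now is None else now)
    if not 1 <= int(limit) <= MAX_LIMIT:
        raise ValueError(f"limit must be between 1 and {MAX_LIMIT}")
    params = {"limit": int(limit)}
    if cursor:
        # from_date is ignored when cursor is set, so it is not sent at all.
        params["cursor"] = cursor
    elif from_date is not None:
        from_date = int(from_date)
        if not now - WINDOW_SECONDS <= from_date <= now:
            raise ValueError("from_date must be a Unix timestamp within the last 24 hours")
        params["from_date"] = from_date
    if exclude_types:
        # Assumption: the "string of list of types" is comma-separated.
        params["exclude_types"] = ",".join(exclude_types)
    return params


def poll_events(fetch_page, tenant_id, state, limit=MAX_LIMIT, max_pages=100, now=None):
    """Drain available events and return (events, new_state, gap_suspected).

    fetch_page(headers, params) is a hypothetical transport callable returning the
    decoded JSON response. state is {"cursor": str, "saved_at": unix_ts} from the
    previous poll, or {} on the first run.
    """
    now = int(time.time() if now is None else now)
    cursor = state.get("cursor")
    saved_at = state.get("saved_at")
    # A cursor older than 24 hours is not rejected: the response silently covers
    # only the last 24 hours, so events before that window were never collected.
    gap_suspected = bool(cursor) and (saved_at is None or now - saved_at > WINDOW_SECONDS)
    headers = {"X-Tenant-ID": tenant_id}
    events = []
    for _ in range(max_pages):
        page = fetch_page(headers, build_event_params(limit=limit, cursor=cursor, now=now))
        events.extend(page.get("items", []))        # "items" is an assumed response key
        next_cursor = page.get("next_cursor")       # named on the page
        if not next_cursor or next_cursor == cursor:
            break                                   # no progress possible; stop paging
        cursor = next_cursor                        # always persist the newest cursor
        if not page.get("has_more"):                # "has_more" is an assumed response key
            break
    return events, {"cursor": cursor, "saved_at": now}, gap_suspected


if __name__ == "__main__":
    # Constructed responses keyed by the cursor that requests them (not real data).
    sample_pages = {
        None: {"items": [{"id": "e1"}, {"id": "e2"}], "next_cursor": "c1", "has_more": True},
        "c1": {"items": [{"id": "e3"}], "next_cursor": "c2", "has_more": False},
    }

    def sample_fetch(headers, params):
        return sample_pages[params.get("cursor")]

    fixed_now = 1_700_000_000
    found, new_state, gap = poll_events(sample_fetch, "TENANT-ID-PLACEHOLDER", {}, now=fixed_now)
    print(len(found), new_state, gap)

    stale = {"cursor": "c1", "saved_at": fixed_now - 25 * 3600}
    found, new_state, gap = poll_events(sample_fetch, "TENANT-ID-PLACEHOLDER", stale, now=fixed_now)
    print(len(found), new_state, gap)
```

Persist the returned state only after the events have been stored, and treat `gap_suspected` as a signal to raise in monitoring rather than something to discard.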
Get detected exploits and the number of each detected exploit
GET /endpoint/v1/settings/exploit-mitigation/detected-exploits
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Thumbprint Not In
Array
Filter out detected exploits with these thumbprints
Get a detected exploit by ID
GET /endpoint/v1/settings/exploit-mitigation/detected-exploits/{detectedExploitId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Detected Exploit*
Sophos Detected Exploit
None Provided
Lists all the Exploit Mitigation categories
GET /endpoint/v1/settings/exploit-mitigation/categories
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Get Exploit Mitigation settings for all protected applications
GET /endpoint/v1/settings/exploit-mitigation/applications
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Type
String (?)
Exploit Mitigation Application type
Modified
String (?)
Whether or not Exploit Mitigation Application has been customized
Exclude a set of file paths from Exploit Mitigation
POST /endpoint/v1/settings/exploit-mitigation/applications
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Paths
Array
Array of absolute paths to an application file to exclude. You may use HitmanProAlert expansion variables (For example, $desktop, $programfiles). Currently, this array may contain only one application path.
Get Exploit Mitigation settings for an application
GET /endpoint/v1/settings/exploit-mitigation/applications/{exploitMitigationApplicationId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Exploit Mitigation Application*
Sophos Exploit Mitigation Application
Exploit Mitigation application ID
Update Exploit Mitigation settings for an application
PATCH /endpoint/v1/settings/exploit-mitigation/applications/{exploitMitigationApplicationId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Exploit Mitigation Application*
Sophos Exploit Mitigation Application
Exploit Mitigation application ID
Paths
Array
Array of absolute paths to an application file to exclude. You may use HitmanProAlert expansion variables (For example, $desktop, $programfiles). Currently, this array may contain only one application path.
Deletes a custom (user-defined) Exploit Mitigation application by ID. Note you can only delete custom applications. A request to delete a system-detected application fails with a 409 Conflict message.
DELETE /endpoint/v1/settings/exploit-mitigation/applications/{exploitMitigationApplicationId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Exploit Mitigation Application*
Sophos Exploit Mitigation Application
Exploit Mitigation application ID
protected
String (?)
None Provided
settings
String (?)
None Provided
Retrieve firewall groups for a tenant
GET /firewall/v1/firewall-groups
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Recurse Subgroups
String (?)
Whether to include nested child groups or not
Search
String (?)
Search for items that match the given terms
Search Fields
Array
Search only within the specified fields, username field is default if search query is specified
Create firewall group
POST /firewall/v1/firewall-groups
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Name
String (?)
Group name
Config Import Source Firewall
String (?)
ID for the firewall you're importing configuration settings from
Assign Firewalls
Array
IDs for the firewalls you're adding to the group
Firewall Group
Sophos Firewall Group
None Provided
Change firewall group name. You can also assign firewalls to the group or remove firewalls from a group
PATCH /firewall/v1/firewall-groups/{groupId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Firewall Group*
Sophos Firewall Group
None Provided
Name
String (?)
New group name
Assign Firewalls
Array
IDs for the firewalls you're adding to the group
Unassign Firewalls
Array
IDs for the firewalls you're removing from the group
Delete the firewall group using its ID
DELETE /firewall/v1/firewall-groups/{groupId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Firewall Group*
Sophos Firewall Group
None Provided
Synchronization status for the firewalls in a group
GET /firewall/v1/firewall-groups/{groupId}/firewalls/sync-status
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Firewall Group*
Sophos Firewall Group
None Provided
IDs
String (?)
None Provided
List of firewalls
GET /firewall/v1/firewalls
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Firewall Group
Sophos Firewall Group
None Provided
Search
String (?)
Search for items that match the given terms
Update firewalls with supplied values
PATCH /firewall/v1/firewalls/{firewallId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Firewall*
Sophos Firewall
None Provided
Name
String (?)
Firewall name
Delete firewall using its ID
DELETE /firewall/v1/firewalls/{firewallId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Firewall*
Sophos Firewall
None Provided
Action you want to do to a firewall
POST /firewall/v1/firewalls/{firewallId}/action
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Firewall*
Sophos Firewall
None Provided
Action
String (?)
Actions that you can perform on these alerts
Check firmware for firewalls
POST /firewall/v1/firewalls/actions/firmware-upgrade-check
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Firewalls
Array
None Provided
Upgrade firewalls
POST /firewall/v1/firewalls/actions/firmware-upgrade
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Firewalls*
Array
None Provided
Cancel scheduled upgrade for a firewall
DELETE /firewall/v1/firewalls/actions/firmware-upgrade
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Firewalls*
String (?)
None Provided
latitude
String (?)
None Provided
longitude
String (?)
None Provided
Check whether Tamper Protection is turned on globally
GET /endpoint/v1/settings/tamper-protection
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Get all Intrusion Prevention exclusions
GET /endpoint/v1/settings/exclusions/intrusion-prevention
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Add a new Intrusion Prevention exclusion
POST /endpoint/v1/settings/exclusions/intrusion-prevention
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Local Ports
Array
Local protected ports
Remote Ports
Array
Remote protected ports
required
None Provided
Direction
String (?)
Direction property of the intrusion prevention exclusion
Remote Addresses
String (?)
Array of remote addresses for the intrusion prevention exclusion
Comment*
String (?)
Comment indicating why the item should be allowed
Get an Intrusion Prevention exclusion by ID
GET /endpoint/v1/settings/exclusions/intrusion-prevention/{exclusionId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Intrusions Exclusion*
Sophos Intrusions Exclusion
Exclusion ID
Delete an Intrusion Prevention exclusion by ID
DELETE /endpoint/v1/settings/exclusions/intrusion-prevention/{exclusionId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Intrusions Exclusion*
Sophos Intrusions Exclusion
Exclusion ID
Update an Intrusion Prevention exclusion by ID
PATCH /endpoint/v1/settings/exclusions/intrusion-prevention/{exclusionId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Intrusions Exclusion*
Sophos Intrusions Exclusion
Exclusion ID
Local Ports
Array
Local protected ports
Remote Ports
Array
Remote protected ports
Direction
String (?)
Direction property of the intrusion prevention exclusion
Remote Addresses
String (?)
Array of remote addresses for the intrusion prevention exclusion
Comment*
String (?)
Comment indicating why the item should be allowed
Get all isolation exclusions
GET /endpoint/v1/settings/exclusions/isolation
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Adds a new Isolation exclusion
POST /endpoint/v1/settings/exclusions/isolation
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Local Ports
Array
Local protected ports
Remote Ports
Array
Remote protected ports
required
None Provided
Direction
String (?)
Direction property of the intrusion prevention exclusion
Remote Addresses
String (?)
Array of remote addresses for the intrusion prevention exclusion
Comment*
String (?)
Comment indicating why the item should be allowed
Get a single Isolation exclusion by ID
GET /endpoint/v1/settings/exclusions/isolation/{exclusionId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Isolation Exclusion*
Sophos Isolation Exclusion
Exclusion ID
Deletes an Isolation exclusion
DELETE /endpoint/v1/settings/exclusions/isolation/{exclusionId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Isolation Exclusion*
Sophos Isolation Exclusion
Exclusion ID
Updates an Isolation exclusion by ID
PATCH /endpoint/v1/settings/exclusions/isolation/{exclusionId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Isolation Exclusion*
Sophos Isolation Exclusion
Exclusion ID
Local Ports
Array
Local protected ports
Remote Ports
Array
Remote protected ports
Direction
String (?)
Direction property of the intrusion prevention exclusion
Remote Addresses
String (?)
Array of remote addresses for the intrusion prevention exclusion
Comment*
String (?)
Comment indicating why the item should be allowed
Gets all migration jobs for the tenant
GET /endpoint/v1/migrations
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Mode
String
Filter migration jobs by sending or receiving mode
Start a migration job in the receiving tenant
POST /endpoint/v1/migrations
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
From Tenant
String (?)
Sending tenant
Endpoints
Array
Endpoint UUIDs
Get a single migration job
GET /endpoint/v1/migrations/{migrationJobId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Migration Job*
Sophos Migration Job
Migration job ID
Start a migration job in the sending tenant
PUT /endpoint/v1/migrations/{migrationJobId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Migration Job*
Sophos Migration Job
Migration job ID
Token
String (?)
Job token
Endpoints
Array
Endpoint UUIDs
Gets the status of endpoints that are being migrated
GET /endpoint/v1/migrations/{migrationJobId}/endpoints
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Migration Job*
Sophos Migration Job
Migration job ID
Get all Sophos Recommended packages for the tenant
GET /endpoint/v1/software/packages/recommended
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Get all static packages available for the tenant
GET /endpoint/v1/software/packages/static
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Sort
Array
Defines how to sort the data
Endpoint Type*
String
Endpoint type
Platform
String
Filter to the platform of the static package
Type
String (?)
Show the type of static package
Expires From
String (?)
Show static packages that expire on or after this date (inclusive)
Expires To
String (?)
Show static packages that expire before this date (exclusive)
Released From
String (?)
Show static packages that were released on or after this date (inclusive)
Released To
String (?)
Show static packages that were released before this date (exclusive)
Get an individual static package
GET /endpoint/v1/software/packages/static/{staticPackageId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Static Packages*
Sophos Static Package
None Provided
Add a package by token, supplied by Sophos support. This is a one-way operation
POST /endpoint/v1/software/packages/static/{staticPackageId}/add
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Static Packages*
Sophos Static Package
None Provided
Get all software comments
GET /endpoint/v1/software/comments
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Get the static package comment
GET /endpoint/v1/software/comments/{staticPackageId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Static Packages*
Sophos Static Package
None Provided
Add/Update the static package comment
PUT /endpoint/v1/software/comments/{staticPackageId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Static Packages*
Sophos Static Package
None Provided
Comment*
String (?)
Comment indicating why the item should be allowed
Delete the static package comment
DELETE /endpoint/v1/software/comments/{staticPackageId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Static Packages*
Sophos Static Package
None Provided
List all partner admins
GET /partner/v1/admins
X-Partner-ID*
String (?)
Partner ID
Sort
Array
Defines how to sort the data
Fields
String (?)
The fields to return in a partial response
Search
String (?)
Search for items that match the given terms
String (?)
None Provided
Partner Role
Sophos Partner Role
Role ID
With Access To Tenant
String (?)
Search for admins that have access to the given tenant
Create a new partner administrator
POST /partner/v1/admins
X-Partner-ID*
String (?)
Partner ID
Username
String (?)
Administrator username (email)
Get partner administrator details by ID
GET /partner/v1/admins/{adminId}
X-Partner-ID*
String (?)
Partner ID
Partner Admin*
Sophos Partner Admin
Admin ID
Get the list of role assignments for a given admin
GET /partner/v1/admins/{adminId}/role-assignments
X-Partner-ID*
String (?)
Partner ID
Partner Admin*
Sophos Partner Admin
Admin ID
Assign a role to a partner administrator
POST /partner/v1/admins/{adminId}/role-assignments
X-Partner-ID*
String (?)
Partner ID
Partner Admin*
Sophos Partner Admin
Admin ID
Partner Role*
Sophos Partner Role
Role ID
Get partner administrator role assignment by ID
GET /partner/v1/admins/{adminId}/role-assignments/{assignmentId}
X-Partner-ID*
String (?)
Partner ID
Partner Admin*
Sophos Partner Admin
Admin ID
Partner Role Assignment*
Sophos Partner Role Assignment
Role Assignment ID
Remove role assignment from a partner admin
DELETE /partner/v1/admins/{adminId}/role-assignments/{assignmentId}
X-Partner-ID*
String (?)
Partner ID
Partner Admin*
Sophos Partner Admin
Admin ID
Partner Role Assignment*
Sophos Partner Role Assignment
Role Assignment ID
Name
String (?)
Full name
firstName
String (?)
None Provided
lastName
String (?)
None Provided
phone
String (?)
None Provided
mobile
String (?)
None Provided
fax
String (?)
None Provided
roleId
String (?)
Role UUID
Type*
String
Role assignment scope type
Tenant
String (?)
Tenant ID. Optional when type is allManagedTenants or self
Gets a partner usage report for a particular month and year
GET /partner/v1/billing/usage/{year}/{month}
X-Partner-ID
String (?)
Partner ID
Month*
String (?)
Month of the year
Year*
String (?)
Year
Fields
String (?)
The fields to return in a partial response
Contact Email
String (?)
Tenant email for contact
Tenant*
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
List all partner roles
GET /partner/v1/roles
X-Partner-ID
String (?)
Partner ID
Type
String (?)
Role type
Principal Type
String
Principal type of role
Fields
String (?)
The fields to return in a partial response
Create a new partner role
POST /partner/v1/roles
X-Partner-ID
String (?)
Partner ID
Fields
String (?)
The fields to return in a partial response
Name
String (?)
Role name
Description
String (?)
Group description
Principal Type
String
Principal type of role
Permission Sets
String (?)
List of permission sets
Get a partner role by ID
GET /partner/v1/roles/{roleId}
X-Partner-ID
String (?)
Partner ID
Partner Role*
Sophos Partner Role
Role ID
Fields
String (?)
The fields to return in a partial response
Delete a partner role by ID
DELETE /partner/v1/roles/{roleId}
X-Partner-ID
String (?)
Partner ID
Partner Role*
Sophos Partner Role
Role ID
Update an existing partner role
PATCH /partner/v1/roles/{roleId}
X-Partner-ID
String (?)
Partner ID
Partner Role*
Sophos Partner Role
Role ID
Fields
String (?)
The fields to return in a partial response
Name
String (?)
Role name
Description
String (?)
Group description
Permission Sets
String (?)
List of permission sets
Get permission set details for a Partner Role
GET /partner/v1/roles/permission-sets
X-Partner-ID
String (?)
Partner ID
Fields
String (?)
The fields to return in a partial response
Type
String (?)
Permission set type
Product
Array
Alerts for a product. You can query by product types
Access
String
Access level of permission set
Allowed In Custom Role
String (?)
Filter permission sets allowed in custom roles
Principal Type
String
Principal type of role
Get all the peripherals
GET /endpoint/v1/settings/peripheral-control/peripherals
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Last Seen After
String (?)
Find endpoints that were last seen after the given date and time (UTC) or a duration relative to the current date and time (inclusive).
Type
String (?)
One or more peripheral types to include
Get a peripheral by ID
GET /endpoint/v1/settings/peripheral-control/peripherals/{peripheralId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Peripheral*
Sophos Peripheral
None Provided
List the policies of a tenant
GET /endpoint/v1/policies
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Policy Type
String
Policy type
Fields
String (?)
The fields to return in a partial response
Create a new policy
POST /endpoint/v1/policies
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Name*
String (?)
Policy name
Type*
String (?)
Policy type
Priority*
String (?)
Policy priority
Enabled
String (?)
Whether Tamper Protection should be turned on for the endpoint
Disable At*
String (?)
When the policy should be turned off
Applies To*
String (?)
None Provided
Settings
String (?)
Settings for this object
Get a list of metadata for the policy settings
GET /endpoint/v1/policies/settings
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Policy Type
String
Policy type
Gets a policy's details
GET /endpoint/v1/policies/{policyId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Policy*
Sophos Policy
None Provided
Update policy. Note you can only change the settings for a base policy
PATCH /endpoint/v1/policies/{policyId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Policy*
Sophos Policy
None Provided
Name
String (?)
Policy name
Priority*
String (?)
Policy priority
Enabled
String (?)
Whether Tamper Protection should be turned on for the endpoint
Disable At*
String (?)
When the policy should be turned off
Applies To*
String (?)
None Provided
Settings
String (?)
Settings for this object
Deletes a policy
DELETE /endpoint/v1/policies/{policyId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Policy*
Sophos Policy
None Provided
Gets a list of policy settings
GET /endpoint/v1/policies/{policyId}/settings
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Policy*
Sophos Policy
None Provided
Updates policy settings
PATCH /endpoint/v1/policies/{policyId}/settings
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Policy*
Sophos Policy
None Provided
Reset policy settings
POST /endpoint/v1/policies/{policyId}/settings/reset
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Policy*
Sophos Policy
None Provided
Get the value of a setting key in a policy
GET /endpoint/v1/policies/{policyId}/settings/{settingKey}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Policy*
Sophos Policy
None Provided
Setting Key*
String (?)
Setting key
Reset a setting to its default value
POST /endpoint/v1/policies/{policyId}/settings/{settingKey}/reset
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Policy*
Sophos Policy
None Provided
Setting Key*
String (?)
Setting key
Clone a policy
POST /endpoint/v1/policies/{policyId}/clone
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Policy*
Sophos Policy
None Provided
Name
String (?)
Name of the newly cloned policy
Get base policy for a policy type
GET /endpoint/v1/policies/{policyType}/base
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Policy Type*
String
Policy type
Update base policy. Note that only settings can be changed
PATCH /endpoint/v1/policies/{policyType}/base
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Policy Type*
String
Policy type
Settings
String (?)
Settings for this object
Get settings of the base policy for a policy type
GET /endpoint/v1/policies/{policyType}/base/settings
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Policy Type*
String
Policy type
Update settings in the base policy for a policy type
PATCH /endpoint/v1/policies/{policyType}/base/settings
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Policy Type*
String
Policy type
Reset the settings in a base policy
POST /endpoint/v1/policies/{policyType}/base/settings/reset
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Policy Type*
String
Policy type
Get the value of a setting in the base policy for a policy type
GET /endpoint/v1/policies/{policyType}/base/settings/{settingKey}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Policy Type*
String
Policy type
Setting Key*
String (?)
Setting key
Update a setting in the base policy
PATCH /endpoint/v1/policies/{policyType}/base/settings/{settingKey}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Policy Type*
String
Policy type
Setting Key*
String (?)
Setting key
Reset a setting in the base policy to its default value
POST /endpoint/v1/policies/{policyType}/base/settings/{settingKey}/reset
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Policy Type*
String
Policy type
Setting Key*
String (?)
Setting key
Clone a new policy from the base policy for a policy type
POST /endpoint/v1/policies/{policyType}/base/clone
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Policy Type*
String
Policy type
Name
String (?)
Name of the newly cloned policy
List scanning exclusions
GET /endpoint/v1/settings/exclusions/scanning
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Type
String (?)
Scanning Exclusion type
Add a new scanning exclusion
POST /endpoint/v1/settings/exclusions/scanning
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Value*
String (?)
Exclusion value
Type*
String (?)
Scanning exclusion type
Scan Mode*
String (?)
Default value of scan mode is "onDemandAndOnAccess" for exclusions of type path, posixPath and virtualPath, "onAccess" for process, web, pua, amsi. Behavioral and Detected Exploits (exploitMitigation) type exclusions do not support a scan mode.
Comment*
String (?)
Comment indicating why the item should be allowed
Get a scanning exclusion by ID
GET /endpoint/v1/settings/exclusions/scanning/{exclusionId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Scanning Exclusion*
Sophos Scanning Exclusion
Exclusion ID
Update a scanning exclusion by ID
PATCH /endpoint/v1/settings/exclusions/scanning/{exclusionId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Scanning Exclusion*
Sophos Scanning Exclusion
Exclusion ID
Value*
String (?)
Exclusion value
Scan Mode*
String (?)
Default value of scan mode is "onDemandAndOnAccess" for exclusions of type path, posixPath and virtualPath, "onAccess" for process, web, pua, amsi. Behavioral and Detected Exploits (exploitMitigation) type exclusions do not support a scan mode.
Comment*
String (?)
Comment indicating why the item should be allowed
Deletes a scanning exclusion
DELETE /endpoint/v1/settings/exclusions/scanning/{exclusionId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Scanning Exclusion*
Sophos Scanning Exclusion
Exclusion ID
Sends a request to the specified endpoint to perform or configure a scan
POST /endpoint/v1/endpoints/{endpointId}/scans
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Endpoint*
Sophos Endpoint
None Provided
Object
Request to configure or perform a scan on the endpoint
Get Tamper Protection settings for a specified endpoint
GET /endpoint/v1/endpoints/{endpointId}/tamper-protection
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Endpoint*
Sophos Endpoint
None Provided
Turns Tamper Protection on or off on an endpoint, or generates a new Tamper Protection password. Note that Tamper Protection can be turned on for an endpoint only if it has also been turned on globally.
POST /endpoint/v1/endpoints/{endpointId}/tamper-protection
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Endpoint*
Sophos Endpoint
None Provided
Enabled
String (?)
Whether Tamper Protection should be turned on for the endpoint
Regenerate Password
String (?)
Whether a new Tamper Protection password should be generated
List all tenant admins
GET /common/v1/admins
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Sort
Array
Defines how to sort the data
Fields
String (?)
The fields to return in a partial response
Search
String (?)
Search for items that match the given terms
Search Fields
Array
Search only within the specified fields; the username field is the default if a search query is specified
Tenant Role
Sophos Tenant Role
Role ID
Create a tenant admin from a directory user
POST /common/v1/admins
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Fields
String (?)
The fields to return in a partial response
User
Sophos User
None Provided
Get admin details by ID
GET /common/v1/admins/{adminId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Tenant Admin*
Sophos Tenant Admin
Admin ID
Fields
String (?)
The fields to return in a partial response
Remove an admin by ID
DELETE /common/v1/admins/{adminId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Tenant Admin*
Sophos Tenant Admin
Admin ID
Get the list of role assignments for a given admin
GET /common/v1/admins/{adminId}/role-assignments
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Tenant Admin*
Sophos Tenant Admin
Admin ID
Assign a role of principal type "user" to a tenant admin. Any existing assignment is overridden.
POST /common/v1/admins/{adminId}/role-assignments
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Tenant Admin*
Sophos Tenant Admin
Admin ID
Tenant Role
Sophos Tenant Role
Role ID
Get tenant admin role assignment information by ID
GET /common/v1/admins/{adminId}/role-assignments/{assignmentId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Tenant Admin*
Sophos Tenant Admin
Admin ID
Tenant Role Assignment*
Sophos Tenant Role Assignment
Role Assignment ID
Remove role assignment from an admin account
DELETE /common/v1/admins/{adminId}/role-assignments/{assignmentId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Tenant Admin*
Sophos Tenant Admin
Admin ID
Tenant Role Assignment*
Sophos Tenant Role Assignment
Role Assignment ID
roleId
String (?)
Role UUID
List all roles in the tenant
GET /common/v1/roles
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Type
String (?)
Role type
Principal Type
String
Principal type of role
Fields
String (?)
The fields to return in a partial response
Create a new tenant role
POST /common/v1/roles
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Fields
String (?)
The fields to return in a partial response
Name
String (?)
Role name
Description
String (?)
Group description
Principal Type
String
Principal type of role
Permission Sets
String (?)
List of permission sets
Get Tenant Role by ID
GET /common/v1/roles/{roleId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Tenant Role*
Sophos Tenant Role
Role ID
Fields
String (?)
The fields to return in a partial response
Delete a tenant role by ID
DELETE /common/v1/roles/{roleId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Tenant Role*
Sophos Tenant Role
Role ID
Update an existing tenant role
PATCH /common/v1/roles/{roleId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Tenant Role*
Sophos Tenant Role
Role ID
Fields
String (?)
The fields to return in a partial response
Name
String (?)
Role name
Description
String (?)
Group description
Permission Sets
String (?)
List of permission sets
Get permission set details for roles
GET /common/v1/roles/permission-sets
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Fields
String (?)
The fields to return in a partial response
Type
String (?)
Permission set type
Product
Array
Alerts for a product. You can query by product types
Access
String
Access level of permission set
Allowed In Custom Role
String (?)
Filter permission sets allowed in custom roles
Principal Type
String
Principal type of role
Create a new tenant
POST /partner/v1/tenants
X-Partner-ID
String (?)
Partner ID
Fields
String (?)
The fields to return in a partial response
Show As
String (?)
Tenant display name
Name*
String (?)
Tenant name. This cannot be changed after the tenant has been created
Data Geography
String (?)
Geographical location where the tenant data is stored
Billing Type
String (?)
Billing type
List all the tenants for a partner
GET /partner/v1/tenants
X-Partner-ID
String (?)
Partner ID
Fields
String (?)
The fields to return in a partial response
Get a tenant by ID
GET /partner/v1/tenants/{tenantId}
X-Partner-ID
String (?)
Partner ID
Tenant*
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Fields
String (?)
The fields to return in a partial response
firstName
String (?)
None Provided
lastName
String (?)
None Provided
String (?)
None Provided
phone
String (?)
None Provided
mobile
String (?)
None Provided
fax
String (?)
None Provided
address
String (?)
None Provided
Sends a request to the endpoint to check for Sophos management agent software updates
POST /endpoint/v1/endpoints/{endpointId}/update-checks
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Endpoint*
Sophos Endpoint
None Provided
Object
Request to the endpoint to check for updates to the Sophos agent software and protection data
Get all sites for the tenant
GET /endpoint/v1/settings/web-control/local-sites
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Adds a new local site to your exclusions
POST /endpoint/v1/settings/web-control/local-sites
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Website Category
Sophos Website Category
Category associated with this local site.
Tags
Array
Array of tags associated with this local site setting. Either categoryId or tags must be provided
URL
String (?)
None Provided
Comment*
String (?)
Comment indicating why the item should be allowed
Get a local site by ID
GET /endpoint/v1/settings/web-control/local-sites/{localSiteId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Local Site*
String (?)
Local site ID
Update a local site definition
PATCH /endpoint/v1/settings/web-control/local-sites/{localSiteId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Local Site*
String (?)
Local site ID
Website Category
Sophos Website Category
Category associated with this local site.
Tags
Array
Array of tags associated with this local site setting. Either categoryId or tags must be provided
URL
String (?)
None Provided
Comment*
String (?)
Comment indicating why the item should be allowed
Deletes the specified local site
DELETE /endpoint/v1/settings/web-control/local-sites/{localSiteId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Local Site*
String (?)
Local site ID
Get all Web Control categories
GET /endpoint/v1/settings/web-control/categories
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Get settings for SSL/TLS decryption of HTTPS websites
GET /endpoint/v1/settings/web-control/tls-decryption
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Update settings for SSL/TLS decryption of HTTPS websites
PATCH /endpoint/v1/settings/web-control/tls-decryption
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Enabled
String (?)
Whether Tamper Protection should be turned on for the endpoint
List of websites excluded from SSL/TLS decryption
GET /endpoint/v1/settings/web-control/tls-decryption/excluded-websites
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Add and remove websites excluded from SSL/TLS decryption
PATCH /endpoint/v1/settings/web-control/tls-decryption/excluded-websites
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Clears the list of websites excluded from SSL/TLS decryption
DELETE /endpoint/v1/settings/web-control/tls-decryption/excluded-websites
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant ID of the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
id
String (?)
Web decryption category ID matching the Web Control categories
decryptionEnabled
String (?)
Whether web decryption is enabled on websites in this category
value
String (?)
Website IP address, IP address range or domain
comment
String (?)
Comment indicating why the site was excluded
value
String (?)
Website IP address, IP address range or domain
comment
String (?)
Comment indicating why the site was excluded
Partnerroleassignment
Scope
Object
Keys have specific names documented
Object
Keys have specific names documented
Websitestoadd
Remove