🎯 Getting Started🏫 Cluck University📚 Documentation📦 Prebuilt Automations📢 Updates
❓Additional Resources

Sophos Integration Setup

Integrating Rewst with Sophos brings robust cybersecurity capabilities to your Rewst workflows, enhancing data protection and threat management. With the integration, Rewst users can leverage Sophos' advanced security solutions to strengthen their defense against cyber threats. This includes features such as malware detection, ransomware protection, network security, and endpoint protection. By integrating Sophos into Rewst, users can enhance their security posture, mitigate risks, and safeguard sensitive data. The integration empowers users to proactively manage their cybersecurity within the Rewst platform, ensuring a secure environment for their operations and protecting against evolving threats.

Setup

To set up the Sophos Integration, you'll need to do the following:

  1. Navigate to the Global Settings of Sophos and locate the API Credentials Management section.

  2. Click on the "Add Credential" button to initiate the process of adding a new credential.

  3. Provide a name and description for the credential to identify and distinguish it from others.

  4. Choose the role that will be assigned to this credential. The available roles to choose from can be viewed here.

  5. Navigate to the integrations page in Rewst.

  6. Click on the Sophos integration.

  7. Fill out the integration form.

  8. Submit the form.

We'll run a quick test to ensure that the credentials are valid and that we can successfully connect to the Sophos API.

Actions

Alerts

List Alerts

List alerts matching specified criteria

GET /common/v1/alerts

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Group Key

String (?)

Alert group key. You can filter by group key

From

String (?)

You can find alerts that were raised on or after this time

To

String (?)

You can find alerts that were raised before this time

Sort

Array

Defines how to sort the data

Product

Array

Alerts for a product. You can query by product types

Category

Array

Alert category. You can query by different categories

Severity

Array

Alerts for a specific severity level. You can query by severity levels

Alerts

String (?)

List of IDs

Fields

String (?)

The fields to return in a partial response

Get Alert

Get details of a specific alert

GET /common/v1/alerts/{alertId}

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Alert*

Sophos Alert

None Provided

Take Action On Alert

Take an action on a specific alert

POST /common/v1/alerts/{alertId}/actions

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Alert*

Sophos Alert

None Provided

Action*

String (?)

Actions that you can perform on these alerts

Message

String (?)

Message to send for the action

Allowed Items

List Exemptions

Get all allowed items from settings

GET /endpoint/v1/settings/allowed-items

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Create Exemption

Exempt an item from conviction

POST /endpoint/v1/settings/allowed-items

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Type*

String (?)

Property by which an item is allowed

Comment*

String (?)

Comment indicating why the item should be allowed

Origin Person*

String (?)

Person associated with the endpoint where the item to be allowed was last seen

Origin Endpoint

String (?)

Endpoint where the item to be allowed was last seen

Get Exemption

Get an exemption by ID

GET /endpoint/v1/settings/allowed-items/{allowedItemId}

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Blocked Item*

Sophos Blocked Item

None Provided

Update Exemption

Update an exemption

PATCH /endpoint/v1/settings/allowed-items/{allowedItemId}

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Blocked Item*

Sophos Blocked Item

None Provided

Comment*

String (?)

Comment indicating why the item should be allowed

Delete Exemption

Deletes the specified exemption

DELETE /endpoint/v1/settings/allowed-items/{allowedItemId}

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Blocked Item*

Sophos Blocked Item

None Provided

Property

KeyTypeDescription

File Name*

String (?)

File name

Path*

String (?)

Path for the application

Sha256*

String (?)

Sha256 value for the application

Certificate Signer*

String (?)

Value saved for the certificateSigner

Blocked Items

List Quarantined Items

Get all blocked items

GET /endpoint/v1/settings/blocked-items

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Add Item To Quarantine

Block an item from exoneration

POST /endpoint/v1/settings/blocked-items

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Type*

String (?)

Property by which an item is blocked

Comment*

String (?)

Comment indicating why the item should be allowed

Get Quarantined Item

Get a blocked item by ID

GET /endpoint/v1/settings/blocked-items/{blockedItemId}

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Blocked Item*

Sophos Blocked Item

None Provided

Delete From Quarantine

Deletes the specified blocked item

DELETE /endpoint/v1/settings/blocked-items/{blockedItemId}

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Blocked Item*

Sophos Blocked Item

None Provided

Property - Blocked Items

KeyTypeDescription

File Name*

String (?)

File name

Path*

String (?)

Path for the application

Sha256*

String (?)

Sha256 value for the application

Certificate Signer*

String (?)

Value saved for the certificateSigner

Directory Management

List Users

List users in the directory

GET /common/v1/directory/users

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Sort

Array

Defines how to sort the data

Fields

String (?)

The fields to return in a partial response

IDs

String (?)

List of item IDs to match

Search

String (?)

Search for items that match the given terms

Search Fields

Array

Search only within the specified fields, username field is default if search query is specified

Source Type

String

Source directory type

User Group

Sophos User Group

None Provided

Domain

String (?)

List the items that match the given domain

Create User

Add a new user to the directory

POST /common/v1/directory/users

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Fields

String (?)

The fields to return in a partial response

Name

String (?)

User's full name

First Name

String (?)

None Provided

Last Name

String (?)

None Provided

Email

String (?)

User's email address

Exchange Login

String (?)

User's Exchange login

User Group

Array

Groups that the user should be added to

Get User

Get a user by ID

GET /common/v1/directory/users/{userId}

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

User*

Sophos User

None Provided

Fields

String (?)

The fields to return in a partial response

Delete User

Delete a user by ID

DELETE /common/v1/directory/users/{userId}

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

User*

Sophos User

None Provided

Update User

Update an existing user

PATCH /common/v1/directory/users/{userId}

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

User*

Sophos User

None Provided

Fields

String (?)

The fields to return in a partial response

Name

String (?)

User's full name

First Name

String (?)

None Provided

Last Name

String (?)

None Provided

Email

String (?)

User's email address

Exchange Login

String (?)

User's Exchange login

List User Groups

List user groups in the directory

GET /common/v1/directory/user-groups

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Sort

Array

Defines how to sort the data

Fields

String (?)

The fields to return in a partial response

IDs

String (?)

List of item IDs to match

Search

String (?)

Search for items that match the given terms

Search Fields

Array

Search only within the specified fields, username field is default if search query is specified

Source Type

String

Source directory type

User

Sophos User

None Provided

Domain

String (?)

List the items that match the given domain

Create User Group

Add a new group to the directory

POST /common/v1/directory/user-groups

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Fields

String (?)

The fields to return in a partial response

Name

String (?)

Group name

Description

String (?)

Group description

Users

Array

Users in the group

Get User Group

Get a user group by ID

GET /common/v1/directory/user-groups/{groupId}

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

User Group*

Sophos User Group

None Provided

Fields

String (?)

The fields to return in a partial response

Delete User Group

Deletes the specified user group. The group must be empty.

DELETE /common/v1/directory/user-groups/{groupId}

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

User Group*

Sophos User Group

None Provided

Update User Group

Update a user group

PATCH /common/v1/directory/user-groups/{groupId}

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

User Group*

Sophos User Group

None Provided

Fields

String (?)

The fields to return in a partial response

Name

String (?)

New group name

Description

String (?)

Group description

Get User Group Membership

List groups that a user belongs to

GET /common/v1/directory/users/{userId}/groups

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

User*

Sophos User

None Provided

Sort

Array

Defines how to sort the data

Fields

String (?)

The fields to return in a partial response

Search

String (?)

Search for items that match the given terms

Search Fields

Array

Search only within the specified fields, username field is default if search query is specified

Source Type

String

Source directory type

Domain

String (?)

List the items that match the given domain

Add User To Group(S)

Add a user to multiple groups

POST /common/v1/directory/users/{userId}/groups

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

User*

Sophos User

None Provided

IDs

String (?)

List of group IDs

Remove User From Group(S)

Remove a user from multiple groups

DELETE /common/v1/directory/users/{userId}/groups

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

User*

Sophos User

None Provided

User Groups

String (?)

List of group IDs

List Users In Group

List users in the specified group

GET /common/v1/directory/user-groups/{groupId}/users

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

User Group*

Sophos User Group

None Provided

Sort

Array

Defines how to sort the data

Fields

String (?)

The fields to return in a partial response

Search

String (?)

Search for items that match the given terms

Search Fields

Array

Search only within the specified fields, username field is default if search query is specified

Source Type

String

Source directory type

Domain

String (?)

List the items that match the given domain

Add User(S) To Group

Add multiple users to the specified group

POST /common/v1/directory/user-groups/{groupId}/users

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

User Group*

Sophos User Group

None Provided

Users

String (?)

List of user IDs

Remove User(S) From Group

Remove multiple users from a group

DELETE /common/v1/directory/user-groups/{groupId}/users

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

User Group*

Sophos User Group

None Provided

Users

String (?)

List of user IDs

Downloads

List Endpoint Installer Links

Get all the endpoint installer links for a tenant

GET /endpoint/v1/downloads

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Requested Products

Array

Products to include in the installers. All values are given if you don't use filters

Platforms

Array

Specify which platforms to include. All values are given if you don't use filters

Endpoint Groups Management

List Endpoint Groups

Endpoint groups in the directory

GET /endpoint/v1/endpoint-groups

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Group Type

String

Endpoint group type

Sort

Array

Defines how to sort the data

Fields

String (?)

The fields to return in a partial response

Endpoint Groups

String (?)

IDs to match

Search

String (?)

Search for items that match the given terms

Search Fields

Array

Search only within the specified fields, username field is default if search query is specified

Endpoints

Array

Endpoints UUIDs

Create Endpoint Group

Add a new endpoint group to the directory

POST /endpoint/v1/endpoint-groups

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Fields

String (?)

The fields to return in a partial response

Name*

String (?)

Group name

Description

String (?)

Group description

Type*

String (?)

Endpoint group types

Endpoints

Array

Endpoints UUIDs

List Endpoint Groups By Type

Endpoint groups of your specified type in the directory

GET /endpoint/v1/endpoint-groups/types/{groupType}

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Group Type*

String

Endpoint group type

Sort

Array

Defines how to sort the data

Fields

String (?)

The fields to return in a partial response

IDs

String (?)

IDs to match

Search

String (?)

Search for items that match the given terms

Search Fields

Array

Search only within the specified fields, username field is default if search query is specified

Endpoints

Array

Endpoints UUIDs

Get Endpoint Group

Get endpoint group by ID

GET /endpoint/v1/endpoint-groups/{groupId}

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Endpoint Groups*

Sophos Endpoint Group

None Provided

Fields

String (?)

The fields to return in a partial response

Delete Endpoint Group

Delete endpoint group

DELETE /endpoint/v1/endpoint-groups/{groupId}

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Endpoint Groups*

Sophos Endpoint Group

None Provided

Update Endpoint Group

Update endpoint group

PATCH /endpoint/v1/endpoint-groups/{groupId}

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Endpoint Groups*

Sophos Endpoint Group

None Provided

Fields

String (?)

The fields to return in a partial response

Name

String (?)

New group name

Description

String (?)

Group description

List Endpoints In Group

Endpoints in your specified group

GET /endpoint/v1/endpoint-groups/{groupId}/endpoints

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Endpoint Groups*

Sophos Endpoint Group

None Provided

Sort

Array

Defines how to sort the data

Fields

String (?)

The fields to return in a partial response

Search

String (?)

Search for items that match the given terms

Search Fields

Array

Search only within the specified fields, username field is default if search query is specified

Add Endpoint(S) To Group

Add endpoints to your group

POST /endpoint-groups/{groupId}/endpoints

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Endpoint Groups*

Sophos Endpoint Group

None Provided

Endpoints

String (?)

List of endpoint IDs

Remove From Group

Remove endpoints from a group

DELETE /endpoint-groups/{groupId}/endpoints

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Endpoint Groups*

Sophos Endpoint Group

None Provided

IDs

String (?)

Endpoint IDs

Remove Single Endpoint From Group

Remove endpoint from a group

DELETE /endpoint-groups/{groupId}/endpoints/{endpointId}

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Endpoint Groups*

Sophos Endpoint Group

None Provided

Endpoint*

Sophos Endpoint

None Provided

Endpoint Isolation

Configure Endpoint(s) Isolation Settings

Turn on or off endpoint isolation for multiple endpoints

POST /endpoint/v1/endpoints/isolation

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Enabled

String (?)

Whether Tamper Protection should be turned on for the endpoint

Comment*

String (?)

Comment indicating why the item should be allowed

IDs

String (?)

List of endpoints IDs

Get Endpoint's Isolation Settings

Get isolation settings for an endpoint

GET /endpoint/v1/endpoints/{endpointId}/isolation

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Endpoint*

Sophos Endpoint

None Provided

Update Endpoint's Isolation Settings

Update isolation settings for an endpoint

PATCH /endpoint/v1/endpoints/{endpointId}/isolation

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Endpoint*

Sophos Endpoint

None Provided

Enabled

String (?)

Whether Tamper Protection should be turned on for the endpoint

Comment*

String (?)

Comment indicating why the item should be allowed

Endpoints

List Endpoints

Get all the endpoints for the specified tenant

GET /endpoint/v1/endpoints

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Sort

Array

Defines how to sort the data

Health Status

Array

Find endpoints by health status

Type

String (?)

Find endpoints by type

Tamper Protection Enabled

String (?)

Find endpoints by whether Tamper Protection is turned on

Lockdown Status

Array

Find endpoints by lockdown status

Last Seen Before

String (?)

Find endpoints that were last seen before the given date and time (UTC) or a duration relative to the current date and time (exclusive).

Last Seen After

String (?)

Find endpoints that were last seen after the given date and time (UTC) or a duration relative to the current date and time (inclusive).

IDs

String (?)

Find endpoints with the specified IDs

Isolation Status

String

Find endpoints by isolation status

Hostname Contains

String (?)

Find endpoints where the hostname contains the given string Only the first 10 characters of the given string are matched.

Associated Person Contains

String (?)

Find endpoints where the name of the person associated with the endpoint contains the given string Only the first 10 characters of the given string are matched.

Group Name Contains

String (?)

Find endpoints where the name of the group the endpoint is in contains the given string Only the first 10 characters of the given string are matched.

Search

String (?)

Search for items that match the given terms

Search Fields

Array

Search only within the specified fields, username field is default if search query is specified

IP Addresses

Array

Find endpoints by IP addresses

Cloud

Array

Find endpoints that are cloud instances. You must use URL encoding

Fields

String (?)

The fields to return in a partial response

View

String

Type of view to be returned in response

Assigned To Group

String (?)

Whether endpoint is assigned to a group

Endpoint Groups

Array

Groups that the endpoint should be added to

MAC Addresses

Array

Find endpoints by MAC Addresses Can be in EUI-48 or EUI-64 format, case insensitive, colon, hyphen or dot separated, or with no separator e.g. 01:23:45:67:89:AB, 01-23-45-67-89-ab, 0123.4567.89ab, 0123456789ab, 01:23:45:67:89🆎cd:ef.

Get Endpoint

Get an endpoint based on ID

GET /endpoint/v1/endpoints/{endpointId}

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Endpoint*

Sophos Endpoint

None Provided

Fields

String (?)

The fields to return in a partial response

View

String

Type of view to be returned in response

Delete Endpoint

Deletes a specified endpoint

DELETE /endpoint/v1/endpoints/{endpointId}

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Endpoint*

Sophos Endpoint

None Provided

Event Journal

List Event Journal Settings

Get all event journal settings

GET /endpoint/v1/settings/event-journal/{endpointType}

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Endpoint Type*

String

Endpoint type

Update Event Journal Settings

Update settings for event journal size and disk space limits If you specify both a maximum disk space and a maximum journal size, the lower of these limits is used

PATCH /endpoint/v1/settings/event-journal/{endpointType}

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Endpoint Type*

String

Endpoint type

Use Recommended

String (?)

Shows if the recommended setting is required

Disk Space Limit In Mb

String (?)

Maximum size of the event journal (MB)

Disk Space Limit As Percentage

String

Disk space limit for the event journal (percentage). The value 0 will mean Disk space limit is not specified.

Events

Get Events

Get events with timestamps within the last 24 hours

GET /siem/v1/events

KeyTypeDescription

X-Tenant-ID

Sophos Tenant

None Provided

limit

String (?)

The maximum number of items to return, default is 200, max is 1000

cursor

String (?)

Identifier for next item in the list, this value is available in response as next_cursor Response will default to last 24 hours if cursor is not within last 24 hours.

from_date

String (?)

The starting date from which alerts will be retrieved defined as Unix timestamp in UTCIgnored if cursor is set. Must be within last 24 hours.

exclude_types

String (?)

The String of list of types of events to be excluded

Exploit Mitigation

List Detected Exploits

Get detected exploits and the number of each detected exploit

GET /endpoint/v1/settings/exploit-mitigation/detected-exploits

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Thumbprint Not In

Array

Filter out detected exploits with these thumbprints

Get Detected Exploit

Get a detected exploit by ID

GET /endpoint/v1/settings/exploit-mitigation/detected-exploits/{detectedExploitId}

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Detected Exploit*

Sophos Detected Exploit

None Provided

List Exploit Mitigation Categories

Lists all the Exploit Mitigation categories

GET /endpoint/v1/settings/exploit-mitigation/categories

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

List Exploit Mitigation Applications

Get Exploit Mitigation settings for all protected applications

GET /endpoint/v1/settings/exploit-mitigation/applications

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Type

String (?)

Exploit Mitigation Application type

Modified

String (?)

Whether or not Exploit Mitigation Application has been customized

Add Application To Exploit Mitigation Exclusions

Exclude a set of file paths from Exploit Mitigation

POST /endpoint/v1/settings/exploit-mitigation/applications

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Paths

Array

Array of absolute paths to an application file to exclude. You may use HitmanProAlert expansion variables (For example, $desktop, $programfiles). Currently, this array may contain only one application path.

Get Application's Exploit Mitigation Settings

Get Exploit Mitigation settings for an application

GET /endpoint/v1/settings/exploit-mitigation/applications/{exploitMitigationApplicationId}

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Exploit Mitigation Application*

Sophos Exploit Mitigation Application

Exploit Mitigation application ID

Update Application Exploit Mitigation Settings

Update Exploit Mitigation settings for an application

PATCH /endpoint/v1/settings/exploit-mitigation/applications/{exploitMitigationApplicationId}

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Exploit Mitigation Application*

Sophos Exploit Mitigation Application

Exploit Mitigation application ID

Paths

Array

Array of absolute paths to an application file to exclude. You may use HitmanProAlert expansion variables (For example, $desktop, $programfiles). Currently, this array may contain only one application path.

Remove Exploit Mitigation Application

Deletes a custom (user-defined) Exploit Mitigation application by ID. Note you can only delete custom applications A request to delete a system-detected application fails with a 409 Conflict message

DELETE /endpoint/v1/settings/exploit-mitigation/applications/{exploitMitigationApplicationId}

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Exploit Mitigation Application*

Sophos Exploit Mitigation Application

Exploit Mitigation application ID

Modification

KeyTypeDescription

protected

String (?)

None Provided

settings

String (?)

None Provided

Firewall Groups

List Firewall Groups

Retrieve firewall groups for a tenant

GET /firewall/v1/firewall-groups

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Recurse Subgroups

String (?)

Whether to include nested child groups or not

Search

String (?)

Search for items that match the given terms

Search Fields

Array

Search only within the specified fields, username field is default if search query is specified

Create Firewall Group

Create firewall group

POST /firewall/v1/firewall-groups

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Name

String (?)

Group name

Config Import Source Firewall

String (?)

ID for the firewall you're importing configuration settings from

Assign Firewalls

Array

IDs for the firewalls you're adding to the group

Firewall Group

Sophos Firewall Group

None Provided

Update Firewall Group

Change firewall group name. You can also assign firewalls to the group. Or remove firewalls from a group

PATCH /firewall/v1/firewall-groups/{groupId}

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Firewall Group*

Sophos Firewall Group

None Provided

Name

String (?)

New group name

Assign Firewalls

Array

IDs for the firewalls you're adding to the group

Unassign Firewalls

Array

IDs for the firewalls you're removing from group

Delete Firewall Group

Delete the firewall group using its ID

DELETE /firewall/v1/firewall-groups/{groupId}

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Firewall Group*

Sophos Firewall Group

None Provided

List Firewall Group Sync Status

Synchronization status for the firewalls in a group

GET /firewall/v1/firewall-groups/{groupId}/firewalls/sync-status

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Firewall Group*

Sophos Firewall Group

None Provided

IDs

String (?)

None Provided

Firewalls

List Firewalls

List of firewalls

GET /firewall/v1/firewalls

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Firewall Group

Sophos Firewall Group

None Provided

Search

String (?)

Search for items that match the given terms

Update Firewall

Update firewalls with supplied values

PATCH /firewall/v1/firewalls/{firewallId}

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Firewall*

Sophos Firewall

None Provided

Name

String (?)

Firewall name

Delete Firewall

Delete firewall using its ID

DELETE /firewall/v1/firewalls/{firewallId}

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Firewall*

Sophos Firewall

None Provided

Run Firewall Action

Action you want to do to a firewall

POST /firewall/v1/firewalls/{firewallId}/action

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Firewall*

Sophos Firewall

None Provided

Action

String (?)

Actions that you can perform on these alerts

Check Firmware

Check firmware for firewalls

POST /firewall/v1/firewalls/actions/firmware-upgrade-check

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Firewalls

Array

None Provided

Upgrade Firewall

Upgrade firewalls

POST /firewall/v1/firewalls/actions/firmware-upgrade

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Firewalls*

Array

None Provided

Cancel Scheduled Firewall Upgrade

Cancel scheduled upgrade for a firewall

DELETE /firewall/v1/firewalls/actions/firmware-upgrade

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Firewalls*

String (?)

None Provided

Geolocation

KeyTypeDescription

latitude

String (?)

None Provided

longitude

String (?)

None Provided

Global Tamper Protection

Check Global Tamper Protection Setting

Check whether Tamper Protection is turned on globally

GET /endpoint/v1/settings/tamper-protection

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Intrusion Prevention

List Intrusion Prevention Exclusions

Get all Intrusion Prevention exclusions

GET /endpoint/v1/settings/exclusions/intrusion-prevention

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Add Intrusion Prevention Exclusion

Add a new Intrusion Prevention exclusion

POST /endpoint/v1/settings/exclusions/intrusion-prevention

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Local Ports

Array

Local protected ports

Remote Ports

Array

Remote protected ports

True True| required | | None Provided | | Direction | String (?) | Direction property of the intrusion prevention exclusion | | Remote Addresses | String (?) | Array of remote addresses for the intrusion prevention exclusion | | Comment* | String (?) | Comment indicating why the item should be allowed |

Get Intrusion Prevention Exclusion

Get an Intrusion Prevention exclusion by ID

GET /endpoint/v1/settings/exclusions/intrusion-prevention/{exclusionId}

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Intrusions Exclusion*

Sophos Intrusions Exclusion

Exclusion ID

Remove Intrusion Prevention Exclusion

Delete an Intrusion Prevention exclusion by ID

DELETE /endpoint/v1/settings/exclusions/intrusion-prevention/{exclusionId}

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Intrusions Exclusion*

Sophos Intrusions Exclusion

Exclusion ID

Update Intrusion Prevention Exclusion

Update an Intrusion Prevention exclusion by ID

PATCH /endpoint/v1/settings/exclusions/intrusion-prevention/{exclusionId}

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Intrusions Exclusion*

Sophos Intrusions Exclusion

Exclusion ID

Local Ports

Array

Local protected ports

Remote Ports

Array

Remote protected ports

Direction

String (?)

Direction property of the intrusion prevention exclusion

Remote Addresses

String (?)

Array of remote addresses for the intrusion prevention exclusion

Comment*

String (?)

Comment indicating why the item should be allowed

Isolation Exclusions

List Isolation Exclusions

Get all isolation exclusions

GET /endpoint/v1/settings/exclusions/isolation

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Create Isolation Exclusion

Adds a new Isolation exclusion

POST /endpoint/v1/settings/exclusions/isolation

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Local Ports

Array

Local protected ports

Remote Ports

Array

Remote protected ports

True True| required | | None Provided | | Direction | String (?) | Direction property of the intrusion prevention exclusion | | Remote Addresses | String (?) | Array of remote addresses for the intrusion prevention exclusion | | Comment* | String (?) | Comment indicating why the item should be allowed |

Get Isolation Exclusion

Get a single Isolation exclusion by ID

GET /endpoint/v1/settings/exclusions/isolation/{exclusionId}

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Isolation Exclusion*

Sophos Isolation Exclusion

Exclusion ID

Delete Isolation Exclusion

Deletes an Isolation exclusion

DELETE /endpoint/v1/settings/exclusions/isolation/{exclusionId}

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Isolation Exclusion*

Sophos Isolation Exclusion

Exclusion ID

Update Isolation Exclusion

Updates an Isolation exclusion by ID

PATCH /endpoint/v1/settings/exclusions/isolation/{exclusionId}

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Isolation Exclusion*

Sophos Isolation Exclusion

Exclusion ID

Local Ports

Array

Local protected ports

Remote Ports

Array

Remote protected ports

Direction

String (?)

Direction property of the intrusion prevention exclusion

Remote Addresses

String (?)

Array of remote addresses for the intrusion prevention exclusion

Comment*

String (?)

Comment indicating why the item should be allowed

Migrations

List Migrations

Gets all migration jobs for the tenant

GET /endpoint/v1/migrations

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Mode

String

Filter migration jobs by sending or receiving mode

Start Receiving Migration Job

Start a migration job in the receiving tenant

POST /endpoint/v1/migrations

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

From Tenant

String (?)

Sending tenant

Endpoints

Array

Endpoints UUIDs

Get Migration Job

Get a single migration job

GET /endpoint/v1/migrations/{migrationJobId}

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Migration Job*

Sophos Migration Job

Migration job ID

Start Starting Migration Job

Start a migration job in the sending tenant

PUT /endpoint/v1/migrations/{migrationJobId}

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Migration Job*

Sophos Migration Job

Migration job ID

Token

String (?)

Job token

Endpoints

Array

Endpoints UUIDs

List Migration Endpoint Statuses

Gets the status of endpoints that are being migrated

GET /endpoint/v1/migrations/{migrationJobId}/endpoints

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Migration Job*

Sophos Migration Job

Migration job ID

Packages

List Recommended Packages

Get all Sophos Recommended packages for the tenant

GET /endpoint/v1/software/packages/recommended

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

List Static Packages

Get all static packages available for the tenant

GET /endpoint/v1/software/packages/static

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Sort

Array

Defines how to sort the data

Endpoint Type*

String

Endpoint type

Platform

String

Filter to the platform of the static package

Type

String (?)

Show the type of static package

Expires From

String (?)

Show static packages that expire on or after this date (inclusive)

Expires To

String (?)

Show static packages that expire before this date (exclusive)

Released From

String (?)

Show static packages that were released on or after this date (inclusive)

Released To

String (?)

Show static packages that were released before this date (exclusive)

Get Static Package

Get an individual static package

GET /endpoint/v1/software/packages/static/{staticPackageId}

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Static Packages*

Sophos Static Package

None Provided

Add Package

Add a package by token, supplied by Sophos support. This is a one-way operation

POST /endpoint/v1/software/packages/static/{staticPackageId}/add

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Static Packages*

Sophos Static Package

None Provided

List Static Package Comments

Get all software comments

GET /endpoint/v1/software/comments

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Get Static Package Comment

Get the static package comment

GET /endpoint/v1/software/comments/{staticPackageId}

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Static Packages*

Sophos Static Package

None Provided

Update Static Package Comment

Add/Update the static package comment

PUT /endpoint/v1/software/comments/{staticPackageId}

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Static Packages*

Sophos Static Package

None Provided

Comment*

String (?)

Comment indicating why the item should be allowed

Delete Static Package Comment

Delete the static package comment

DELETE /endpoint/v1/software/comments/{staticPackageId}

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Static Packages*

Sophos Static Package

None Provided

Partner Admins

List Partner Admins

List all partner admins

GET /partner/v1/admins

KeyTypeDescription

X-Partner-ID*

String (?)

Partner ID

Sort

Array

Defines how to sort the data

Fields

String (?)

The fields to return in a partial response

Search

String (?)

Search for items that match the given terms

Email

String (?)

None Provided

Partner Role

Sophos Partner Role

Role ID

With Access To Tenant

String (?)

Search for admins that have access to the given tenant

Create Partner Admin

Create a new partner administrator

POST /partner/v1/admins

KeyTypeDescription

X-Partner-ID*

String (?)

Partner ID

Username

String (?)

Administrator username (email)

Get Partner Admin

Get partner administrator details by ID

GET /partner/v1/admins/{adminId}

KeyTypeDescription

X-Partner-ID*

String (?)

Partner ID

Partner Admin*

Sophos Partner Admin

Admin ID

List All Partner Roles

Get the list of role assignments for a given admin

GET /partner/v1/admins/{adminId}/role-assignments

KeyTypeDescription

X-Partner-ID*

String (?)

Partner ID

Partner Admin*

Sophos Partner Admin

Admin ID

Assign A Partner Admin Role

Assign a role to a partner administrator

POST /partner/v1/admins/{adminId}/role-assignments

KeyTypeDescription

X-Partner-ID*

String (?)

Partner ID

Partner Admin*

Sophos Partner Admin

Admin ID

Partner Role*

Sophos Partner Role

Role ID

Get Partner Admin Role Assignment

Get partner administrator role assignment by ID

GET /partner/v1/admins/{adminId}/role-assignments/{assignmentId}

KeyTypeDescription

X-Partner-ID*

String (?)

Partner ID

Partner Admin*

Sophos Partner Admin

Admin ID

Partner Role Assignment*

Sophos Partner Role Assignment

Role Assignment ID

Remove A Partner Admin Role Assignment

Remove role assignment from a partner admin

DELETE /partner/v1/admins/{adminId}/role-assignments/{assignmentId}

KeyTypeDescription

X-Partner-ID*

String (?)

Partner ID

Partner Admin*

Sophos Partner Admin

Admin ID

Partner Role Assignment*

Sophos Partner Role Assignment

Role Assignment ID

Profile

KeyTypeDescription

Name

String (?)

Full name

firstName

String (?)

None Provided

lastName

String (?)

None Provided

phone

String (?)

None Provided

mobile

String (?)

None Provided

fax

String (?)

None Provided

Partnerroleassignment

KeyTypeDescription

roleId

String (?)

Role UUID

Scope

KeyTypeDescription

Type*

String

Role assignment scope type

Tenant

String (?)

Tenant ID. Optional when type is allManagedTenants or self

Partner Billing

List Partner Usage Report

Gets a partner usage report for a particular month and year

GET /partner/v1/billing/usage/{year}/{month}

KeyTypeDescription

X-Partner-ID

String (?)

Partner ID

Month*

String (?)

Month of the year

Year*

String (?)

Year

Fields

String (?)

The fields to return in a partial response

Contact Email

String (?)

Tenant email for contact

Tenant*

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Partner Role Management

List Partner Roles

List all partner roles

GET /partner/v1/roles

KeyTypeDescription

X-Partner-ID

String (?)

Partner ID

Type

String (?)

Role type

Principal Type

String

Principal type of role

Fields

String (?)

The fields to return in a partial response

Create Partner Role

Create a new partner role

POST /partner/v1/roles

KeyTypeDescription

X-Partner-ID

String (?)

Partner ID

Fields

String (?)

The fields to return in a partial response

Name

String (?)

Role name

Description

String (?)

Group description

Principal Type

String

Principal type of role

Permission Sets

String (?)

List of permission sets

Get Partner Role

Get a partner role by ID

GET /partner/v1/roles/{roleId}

KeyTypeDescription

X-Partner-ID

String (?)

Partner ID

Partner Role*

Sophos Partner Role

Role ID

Fields

String (?)

The fields to return in a partial response

Delete Partner Role

Delete a partner role by ID

DELETE /partner/v1/roles/{roleId}

KeyTypeDescription

X-Partner-ID

String (?)

Partner ID

Partner Role*

Sophos Partner Role

Role ID

Update Partner Role

Update an existing partner role

PATCH /partner/v1/roles/{roleId}

KeyTypeDescription

X-Partner-ID

String (?)

Partner ID

Partner Role*

Sophos Partner Role

Role ID

Fields

String (?)

The fields to return in a partial response

Name

String (?)

Role name

Description

String (?)

Group description

Permission Sets

String (?)

List of permission sets

Get Partner Role Permission Sets

Get permission set details for a Partner Role

GET /partner/v1/roles/permission-sets

KeyTypeDescription

X-Partner-ID

String (?)

Partner ID

Fields

String (?)

The fields to return in a partial response

Type

String (?)

Permission set type

Product

Array

Alerts for a product. You can query by product types

Access

String

Access level of permission set

Allowed In Custom Role

String (?)

Filter permissions sets allowed in custom roles

Principal Type

String

Principal type of role

Peripheral Control

List Peripherals

Get all the peripherals

GET /endpoint/v1/settings/peripheral-control/peripherals

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Last Seen After

String (?)

Find endpoints that were last seen after the given date and time (UTC) or a duration relative to the current date and time (inclusive).

Type

String (?)

One or more peripheral types to include

Get Peripheral

Get a peripheral by ID

GET /endpoint/v1/settings/peripheral-control/peripherals/{peripheralId}

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Peripheral*

Sophos Peripheral

None Provided

Policy Management

List Policies

List the policies of a tenant

GET /endpoint/v1/policies

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Policy Type

String

Policy type

Fields

String (?)

The fields to return in a partial response

Create Policy

Create a new policy

POST /endpoint/v1/policies

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Name*

String (?)

Policy name

Type*

String (?)

Policy type

Priority*

String (?)

Policy priority

Enabled

String (?)

Whether Tamper Protection should be turned on for the endpoint

Disable At*

String (?)

When the policy should be turned off

Applies To*

String (?)

None Provided

Settings

String (?)

Settings for this object

Get Policy Setting Metadata

Get a list of metadata for the policy settings

GET /endpoint/v1/policies/settings

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Policy Type

String

Policy type

Get Policy

Gets a policy's details

GET /endpoint/v1/policies/{policyId}

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Policy*

Sophos Policy

None Provided

Update Policy

Update policy. Note you can only change the settings for a base policy

PATCH /endpoint/v1/policies/{policyId}

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Policy*

Sophos Policy

None Provided

Name

String (?)

Policy name

Priority*

String (?)

Policy priority

Enabled

String (?)

Whether Tamper Protection should be turned on for the endpoint

Disable At*

String (?)

When the policy should be turned off

Applies To*

String (?)

None Provided

Settings

String (?)

Settings for this object

Delete Policy

Deletes a policy

DELETE /endpoint/v1/policies/{policyId}

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Policy*

Sophos Policy

None Provided

List Policy Settings

Gets a list of policy settings

GET /endpoint/v1/policies/{policyId}/settings

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Policy*

Sophos Policy

None Provided

Update Policy Settings

Updates policy settings

PATCH /endpoint/v1/policies/{policyId}/settings

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Policy*

Sophos Policy

None Provided

ordereddict([('description', 'Keys have specific names documented here'), ('type', 'object'), ('x-anchor-description', 'JSON Schema object data type')])

Reset All Settings For A Policy

Reset policy settings

POST /endpoint/v1/policies/{policyId}/settings/reset

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Policy*

Sophos Policy

None Provided

Get Policy Setting Value

Get the value of a setting key in a policy

GET /endpoint/v1/policies/{policyId}/settings/{settingKey}

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Policy*

Sophos Policy

None Provided

Setting Key*

String (?)

Setting key

Reset Single Policy Setting

Reset a setting to its default value

POST /endpoint/v1/policies/{policyId}/settings/{settingKey}/reset

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Policy*

Sophos Policy

None Provided

Setting Key*

String (?)

Setting key

Clone Policy

Clone a policy

POST /endpoint/v1/policies/{policyId}/clone

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Policy*

Sophos Policy

None Provided

Name

String (?)

Name of the newly cloned policy

Get Base Policy

Get base policy for a policy type

GET /endpoint/v1/policies/{policyType}/base

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Policy Type*

String

Policy type

Update Base Policy

Update base policy. Note that only settings can be changed

PATCH /endpoint/v1/policies/{policyType}/base

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Policy Type*

String

Policy type

Settings

String (?)

Settings for this object

Get Base Policy Settings

Get settings of the base policy for a policy type

GET /endpoint/v1/policies/{policyType}/base/settings

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Policy Type*

String

Policy type

Update Base Policy Settings

Update settings in the base policy for a policy type

PATCH /endpoint/v1/policies/{policyType}/base/settings

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Policy Type*

String

Policy type

ordereddict([('description', 'Keys have specific names documented here'), ('type', 'object'), ('x-anchor-description', 'JSON Schema object data type')])

Reset Base Policy Settings

Reset the settings in a base policy

POST /endpoint/v1/policies/{policyType}/base/settings/reset

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Policy Type*

String

Policy type

Get Base Policy Setting

Get the value of a setting in the base policy for a policy type

GET /endpoint/v1/policies/{policyType}/base/settings/{settingKey}

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Policy Type*

String

Policy type

Setting Key*

String (?)

Setting key

Update Base Policy Setting

Update a setting in the base policy

PATCH /endpoint/v1/policies/{policyType}/base/settings/{settingKey}

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Policy Type*

String

Policy type

Setting Key*

String (?)

Setting key

Reset Setting In Base Policy

Reset a setting in the base policy to its default value

POST /endpoint/v1/policies/{policyType}/base/settings/{settingKey}/reset

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Policy Type*

String

Policy type

Setting Key*

String (?)

Setting key

Clone Base Policy

Clone a new policy from the base policy for a policy type

POST /endpoint/v1/policies/{policyType}/base/clone

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Policy Type*

String

Policy type

Name

String (?)

Name of the newly cloned policy

Scanning Exclusions

List Scanning Exclusions

List scanning exclusions

GET /endpoint/v1/settings/exclusions/scanning

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Type

String (?)

Scanning Exclusion type

Add Scanning Exclusion

Add a new scanning exclusion

POST /endpoint/v1/settings/exclusions/scanning

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Value*

String (?)

Exclusion value

Type*

String (?)

Scanning exclusion type

Scan Mode*

String (?)

Default value of scan mode is \"onDemandAndOnAccess\" for exclusions of type path, posixPath and virtualPath, \"onAccess\" for process, web, pua, amsi. Behavioral and Detected Exploits (exploitMitigation) type exclusions do not support a scan mode.

Comment*

String (?)

Comment indicating why the item should be allowed

Get Scanning Exclusion

Get a scanning exclusion by ID

GET /endpoint/v1/settings/exclusions/scanning/{exclusionId}

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Scanning Exclusion*

Sophos Scanning Exclusion

Exclusion ID

Update Scanning Exclusion

Update a scanning exclusion by ID

PATCH /endpoint/v1/settings/exclusions/scanning/{exclusionId}

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Scanning Exclusion*

Sophos Scanning Exclusion

Exclusion ID

Value*

String (?)

Exclusion value

Scan Mode*

String (?)

Default value of scan mode is \"onDemandAndOnAccess\" for exclusions of type path, posixPath and virtualPath, \"onAccess\" for process, web, pua, amsi. Behavioral and Detected Exploits (exploitMitigation) type exclusions do not support a scan mode.

Comment*

String (?)

Comment indicating why the item should be allowed

Delete Scanning Exclusion

Deletes a scanning exclusion

DELETE /endpoint/v1/settings/exclusions/scanning/{exclusionId}

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Scanning Exclusion*

Sophos Scanning Exclusion

Exclusion ID

Scans

Scan Endpoint

Sends a request to the specified endpoint to perform or configure a scan

POST /endpoint/v1/endpoints/{endpointId}/scans

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Endpoint*

Sophos Endpoint

None Provided

ordereddict([('description', 'Request to configure or perform a scan on the endpoint'), ('type', 'object'), ('x-anchor-description', 'JSON Schema object data type')])

Tamper Protection

Get Endpoint's Tamper Protection Settings

Get Tamper Protection settings for a specified endpoint

GET /endpoint/v1/endpoints/{endpointId}/tamper-protection

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Endpoint*

Sophos Endpoint

None Provided

Update Endpoint Tamper Protection Settings

Turns Tamper Protection on or off on an endpoint. Or generates a new Tamper Protection password Note that Tamper Protection can be turned on for an endpoint only if it has also been turned on globally.

POST /endpoint/v1/endpoints/{endpointId}/tamper-protection

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Endpoint*

Sophos Endpoint

None Provided

Enabled

String (?)

Whether Tamper Protection should be turned on for the endpoint

Regenerate Password

String (?)

Whether a new Tamper Protection password should be generated

Tenant Access

List Tenant Admins

List all tenant admins

GET /common/v1/admins

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Sort

Array

Defines how to sort the data

Fields

String (?)

The fields to return in a partial response

Search

String (?)

Search for items that match the given terms

Search Fields

Array

Search only within the specified fields, username field is default if search query is specified

Tenant Role

Sophos Tenant Role

Role ID

Create Tenant Admin

Create a tenant admin from a directory user

POST /common/v1/admins

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Fields

String (?)

The fields to return in a partial response

User

Sophos User

None Provided

Get Tenant Admin

Get admin details by ID

GET /common/v1/admins/{adminId}

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Tenant Admin*

Sophos Tenant Admin

Admin ID

Fields

String (?)

The fields to return in a partial response

Delete Tenant Admin

Remove an admin by ID

DELETE /common/v1/admins/{adminId}

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Tenant Admin*

Sophos Tenant Admin

Admin ID

List All Roles For Admin

Get the list of role assignments for a given admin

GET /common/v1/admins/{adminId}/role-assignments

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Tenant Admin*

Sophos Tenant Admin

Admin ID

Assign A Role To A Tenant Admin

Assign a role of principal type "user" to a tenant admin Any existing assignment is overridden

POST /common/v1/admins/{adminId}/role-assignments

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Tenant Admin*

Sophos Tenant Admin

Admin ID

Tenant Role

Sophos Tenant Role

Role ID

Get Specific Tenant Admin's Role Information

Get tenant admin role assignment information by ID

GET /common/v1/admins/{adminId}/role-assignments/{assignmentId}

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Tenant Admin*

Sophos Tenant Admin

Admin ID

Tenant Role Assignment*

Sophos Tenant Role Assignment

Role Assignment ID

Remove Tenant Admin Role Assignment

Remove role assignment from an admin account

DELETE /common/v1/admins/{adminId}/role-assignments/{assignmentId}

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Tenant Admin*

Sophos Tenant Admin

Admin ID

Tenant Role Assignment*

Sophos Tenant Role Assignment

Role Assignment ID

Role Assignment

KeyTypeDescription

roleId

String (?)

Role UUID

Tenant Role Management

List Tenant Roles

List all roles in the tenant

GET /common/v1/roles

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Type

String (?)

Role type

Principal Type

String

Principal type of role

Fields

String (?)

The fields to return in a partial response

Create Tenant Role

Create a new tenant role

POST /common/v1/roles

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Fields

String (?)

The fields to return in a partial response

Name

String (?)

Role name

Description

String (?)

Group description

Principal Type

String

Principal type of role

Permission Sets

String (?)

List of permission sets

Get Tenant Role

Get Tenant Role by ID

GET /common/v1/roles/{roleId}

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Tenant Role*

Sophos Tenant Role

Role ID

Fields

String (?)

The fields to return in a partial response

Delete Tenant Role

Delete a tenant role by ID

DELETE /common/v1/roles/{roleId}

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Tenant Role*

Sophos Tenant Role

Role ID

Update Tenant Role

Update an existing tenant role

PATCH /common/v1/roles/{roleId}

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Tenant Role*

Sophos Tenant Role

Role ID

Fields

String (?)

The fields to return in a partial response

Name

String (?)

Role name

Description

String (?)

Group description

Permission Sets

String (?)

List of permission sets

List Tenant Role Permission Sets

Get permission set details for roles

GET /common/v1/roles/permission-sets

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Fields

String (?)

The fields to return in a partial response

Type

String (?)

Permission set type

Product

Array

Alerts for a product. You can query by product types

Access

String

Access level of permission set

Allowed In Custom Role

String (?)

Filter permissions sets allowed in custom roles

Principal Type

String

Principal type of role

Tenants

Create Tenant

Create a new tenant

POST /partner/v1/tenants

KeyTypeDescription

X-Partner-ID

String (?)

Partner ID

Fields

String (?)

The fields to return in a partial response

Show As

String (?)

Tenant display name

True True| required | | None Provided | | Name* | String (?) | Tenant name. This cannot be changed after the tenant has been created | | Data Geography | String (?) | Geographical location where the tenant data is stored | | Billing Type | String (?) | Billing type |

List Tenants

List all the tenants for a partner

GET /partner/v1/tenants

KeyTypeDescription

X-Partner-ID

String (?)

Partner ID

Fields

String (?)

The fields to return in a partial response

Get Tenant

Get a tenant by ID

GET /partner/v1/tenants/{tenantId}

KeyTypeDescription

X-Partner-ID

String (?)

Partner ID

Tenant*

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Fields

String (?)

The fields to return in a partial response

Contact

KeyTypeDescription

firstName

String (?)

None Provided

lastName

String (?)

None Provided

Email

String (?)

None Provided

phone

String (?)

None Provided

mobile

String (?)

None Provided

fax

String (?)

None Provided

address

String (?)

None Provided

Update Checks

Request Endpoint Update Check

Sends a request to the endpoint to check for Sophos management agent software updates

POST /endpoint/v1/endpoints/{endpointId}/update-checks

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Endpoint*

Sophos Endpoint

None Provided

ordereddict([('description', 'Request to the endpoint to check for updates to the Sophos agent software and protection data'), ('type', 'object'), ('x-anchor-description', 'JSON Schema object data type')])

Web Controls

List Local Sites

Get all sites for the tenant

GET /endpoint/v1/settings/web-control/local-sites

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Add Local Site Exclusion

Adds a new local site to your exclusions

POST /endpoint/v1/settings/web-control/local-sites

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Website Category

Sophos Website Category

Category associated with this local site.

Tags

Array

Array of tags associated with this local site setting. Either categoryId or tags must be provided

True True| required | | None Provided | | URL | String (?) | None Provided | | Comment* | String (?) | Comment indicating why the item should be allowed |

Get Local Site

Get a local site by ID

GET /endpoint/v1/settings/web-control/local-sites/{localSiteId}

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Local Site*

String (?)

Local site ID

Update Local Site

Update a local site definition

PATCH /endpoint/v1/settings/web-control/local-sites/{localSiteId}

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Local Site*

String (?)

Local site ID

Website Category

Sophos Website Category

Category associated with this local site.

Tags

Array

Array of tags associated with this local site setting. Either categoryId or tags must be provided

URL

String (?)

None Provided

Comment*

String (?)

Comment indicating why the item should be allowed

Delete Local Site

Deletes the specified local site

DELETE /endpoint/v1/settings/web-control/local-sites/{localSiteId}

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Local Site*

String (?)

Local site ID

List Web Categories

Get all Web Control categories

GET /endpoint/v1/settings/web-control/categories

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

List SSL/Tls Settings

Get settings for SSL/TLS decryption of HTTPS websites

GET /endpoint/v1/settings/web-control/tls-decryption

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Update SSL/Tls Settings

Update settings for SSL/TLS decryption of HTTPS websites

PATCH /endpoint/v1/settings/web-control/tls-decryption

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Enabled

String (?)

Whether Tamper Protection should be turned on for the endpoint

List SSL/Tls Excluded Sites

List of websites excluded from SSL/TLS decryption

GET /endpoint/v1/settings/web-control/tls-decryption/excluded-websites

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Update SSL/Tls Exclusions

Add and remove websites excluded from SSL/TLS decryption

PATCH /endpoint/v1/settings/web-control/tls-decryption/excluded-websites

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Clear SSL/Tls Website Exclusions

Clears the list of websites excluded from SSL/TLS decryption

DELETE /endpoint/v1/settings/web-control/tls-decryption/excluded-websites

KeyTypeDescription

Tenant

Sophos Tenant

The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Category

KeyTypeDescription

id

String (?)

Web decryption category ID matching the Web Control categories

decryptionEnabled

String (?)

Whether web decryption is enabled on websites in this category

Websitestoadd

KeyTypeDescription

value

String (?)

Website IP address, IP address range or domain

comment

String (?)

Comment indicating why the site was excluded

Remove

KeyTypeDescription

value

String (?)

Website IP address, IP address range or domain

comment

String (?)

Comment indicating why the site was excluded

Last updated

Logo

Community

💬 Discord✅ Discord Join and Verification

Feedback

⬆️ Canny

Support

🆘 Support🚨Support Priorities🗣️Create a Ticket📞 Contact

Copyright © 2024 Rewst