Sophos Integration Setup
Integrating Rewst with Sophos brings robust cybersecurity capabilities to your Rewst workflows, enhancing data protection and threat management. With the integration, Rewst users can leverage Sophos' advanced security solutions to strengthen their defense against cyber threats. This includes features such as malware detection, ransomware protection, network security, and endpoint protection. By integrating Sophos into Rewst, users can enhance their security posture, mitigate risks, and safeguard sensitive data. The integration empowers users to proactively manage their cybersecurity within the Rewst platform, ensuring a secure environment for their operations and protecting against evolving threats.
Setup
To set up the Sophos Integration, you'll need to do the following:
Navigate to the Global Settings of Sophos and locate the API Credentials Management section.
Click on the "Add Credential" button to initiate the process of adding a new credential.
Provide a name and description for the credential to identify and distinguish it from others.
Choose the role that will be assigned to this credential. The available roles to choose from can be viewed here.
Navigate to the integrations page in Rewst.
Click on the Sophos integration.
Fill out the integration form.
Submit the form.
We'll run a quick test to ensure that the credentials are valid and that we can successfully connect to the Sophos API.
Actions
Alerts
List Alertsβ
List alerts matching specified criteria
GET /common/v1/alerts
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Group Key
String (?)
Alert group key. You can filter by group key
From
String (?)
You can find alerts that were raised on or after this time
To
String (?)
You can find alerts that were raised before this time
Sort
Array
Defines how to sort the data
Product
Array
Alerts for a product. You can query by product types
Category
Array
Alert category. You can query by different categories
Severity
Array
Alerts for a specific severity level. You can query by severity levels
Alerts
String (?)
List of IDs
Fields
String (?)
The fields to return in a partial response
Get Alertβ
Get details of a specific alert
GET /common/v1/alerts/{alertId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Alert*
Sophos Alert
None Provided
Take Action On Alertβ
Take an action on a specific alert
POST /common/v1/alerts/{alertId}/actions
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Alert*
Sophos Alert
None Provided
Action*
String (?)
Actions that you can perform on these alerts
Message
String (?)
Message to send for the action
Allowed Items
List Exemptionsβ
Get all allowed items from settings
GET /endpoint/v1/settings/allowed-items
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Create Exemptionβ
Exempt an item from conviction
POST /endpoint/v1/settings/allowed-items
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Type*
String (?)
Property by which an item is allowed
Comment*
String (?)
Comment indicating why the item should be allowed
Origin Person*
String (?)
Person associated with the endpoint where the item to be allowed was last seen
Origin Endpoint
String (?)
Endpoint where the item to be allowed was last seen
Get Exemptionβ
Get an exemption by ID
GET /endpoint/v1/settings/allowed-items/{allowedItemId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Blocked Item*
Sophos Blocked Item
None Provided
Update Exemptionβ
Update an exemption
PATCH /endpoint/v1/settings/allowed-items/{allowedItemId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Blocked Item*
Sophos Blocked Item
None Provided
Comment*
String (?)
Comment indicating why the item should be allowed
Delete Exemptionβ
Deletes the specified exemption
DELETE /endpoint/v1/settings/allowed-items/{allowedItemId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Blocked Item*
Sophos Blocked Item
None Provided
Propertyβ
File Name*
String (?)
File name
Path*
String (?)
Path for the application
Sha256*
String (?)
Sha256 value for the application
Certificate Signer*
String (?)
Value saved for the certificateSigner
Blocked Items
List Quarantined Itemsβ
Get all blocked items
GET /endpoint/v1/settings/blocked-items
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Add Item To Quarantineβ
Block an item from exoneration
POST /endpoint/v1/settings/blocked-items
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Type*
String (?)
Property by which an item is blocked
Comment*
String (?)
Comment indicating why the item should be allowed
Get Quarantined Itemβ
Get a blocked item by ID
GET /endpoint/v1/settings/blocked-items/{blockedItemId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Blocked Item*
Sophos Blocked Item
None Provided
Delete From Quarantineβ
Deletes the specified blocked item
DELETE /endpoint/v1/settings/blocked-items/{blockedItemId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Blocked Item*
Sophos Blocked Item
None Provided
Property - Blocked Itemsβ
File Name*
String (?)
File name
Path*
String (?)
Path for the application
Sha256*
String (?)
Sha256 value for the application
Certificate Signer*
String (?)
Value saved for the certificateSigner
Directory Management
List Usersβ
List users in the directory
GET /common/v1/directory/users
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Sort
Array
Defines how to sort the data
Fields
String (?)
The fields to return in a partial response
IDs
String (?)
List of item IDs to match
Search
String (?)
Search for items that match the given terms
Search Fields
Array
Search only within the specified fields, username field is default if search query is specified
Source Type
String
Source directory type
User Group
Sophos User Group
None Provided
Domain
String (?)
List the items that match the given domain
Create Userβ
Add a new user to the directory
POST /common/v1/directory/users
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Fields
String (?)
The fields to return in a partial response
Name
String (?)
User's full name
First Name
String (?)
None Provided
Last Name
String (?)
None Provided
String (?)
User's email address
Exchange Login
String (?)
User's Exchange login
User Group
Array
Groups that the user should be added to
Get Userβ
Get a user by ID
GET /common/v1/directory/users/{userId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
User*
Sophos User
None Provided
Fields
String (?)
The fields to return in a partial response
Delete Userβ
Delete a user by ID
DELETE /common/v1/directory/users/{userId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
User*
Sophos User
None Provided
Update Userβ
Update an existing user
PATCH /common/v1/directory/users/{userId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
User*
Sophos User
None Provided
Fields
String (?)
The fields to return in a partial response
Name
String (?)
User's full name
First Name
String (?)
None Provided
Last Name
String (?)
None Provided
String (?)
User's email address
Exchange Login
String (?)
User's Exchange login
List User Groupsβ
List user groups in the directory
GET /common/v1/directory/user-groups
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Sort
Array
Defines how to sort the data
Fields
String (?)
The fields to return in a partial response
IDs
String (?)
List of item IDs to match
Search
String (?)
Search for items that match the given terms
Search Fields
Array
Search only within the specified fields, username field is default if search query is specified
Source Type
String
Source directory type
User
Sophos User
None Provided
Domain
String (?)
List the items that match the given domain
Create User Groupβ
Add a new group to the directory
POST /common/v1/directory/user-groups
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Fields
String (?)
The fields to return in a partial response
Name
String (?)
Group name
Description
String (?)
Group description
Users
Array
Users in the group
Get User Groupβ
Get a user group by ID
GET /common/v1/directory/user-groups/{groupId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
User Group*
Sophos User Group
None Provided
Fields
String (?)
The fields to return in a partial response
Delete User Groupβ
Deletes the specified user group. The group must be empty.
DELETE /common/v1/directory/user-groups/{groupId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
User Group*
Sophos User Group
None Provided
Update User Groupβ
Update a user group
PATCH /common/v1/directory/user-groups/{groupId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
User Group*
Sophos User Group
None Provided
Fields
String (?)
The fields to return in a partial response
Name
String (?)
New group name
Description
String (?)
Group description
Get User Group Membershipβ
List groups that a user belongs to
GET /common/v1/directory/users/{userId}/groups
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
User*
Sophos User
None Provided
Sort
Array
Defines how to sort the data
Fields
String (?)
The fields to return in a partial response
Search
String (?)
Search for items that match the given terms
Search Fields
Array
Search only within the specified fields, username field is default if search query is specified
Source Type
String
Source directory type
Domain
String (?)
List the items that match the given domain
Add User To Group(S)β
Add a user to multiple groups
POST /common/v1/directory/users/{userId}/groups
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
User*
Sophos User
None Provided
IDs
String (?)
List of group IDs
Remove User From Group(S)β
Remove a user from multiple groups
DELETE /common/v1/directory/users/{userId}/groups
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
User*
Sophos User
None Provided
User Groups
String (?)
List of group IDs
List Users In Groupβ
List users in the specified group
GET /common/v1/directory/user-groups/{groupId}/users
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
User Group*
Sophos User Group
None Provided
Sort
Array
Defines how to sort the data
Fields
String (?)
The fields to return in a partial response
Search
String (?)
Search for items that match the given terms
Search Fields
Array
Search only within the specified fields, username field is default if search query is specified
Source Type
String
Source directory type
Domain
String (?)
List the items that match the given domain
Add User(S) To Groupβ
Add multiple users to the specified group
POST /common/v1/directory/user-groups/{groupId}/users
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
User Group*
Sophos User Group
None Provided
Users
String (?)
List of user IDs
Remove User(S) From Groupβ
Remove multiple users from a group
DELETE /common/v1/directory/user-groups/{groupId}/users
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
User Group*
Sophos User Group
None Provided
Users
String (?)
List of user IDs
Downloads
List Endpoint Installer Linksβ
Get all the endpoint installer links for a tenant
GET /endpoint/v1/downloads
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Requested Products
Array
Products to include in the installers. All values are given if you don't use filters
Platforms
Array
Specify which platforms to include. All values are given if you don't use filters
Endpoint Groups Management
List Endpoint Groupsβ
Endpoint groups in the directory
GET /endpoint/v1/endpoint-groups
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Group Type
String
Endpoint group type
Sort
Array
Defines how to sort the data
Fields
String (?)
The fields to return in a partial response
Endpoint Groups
String (?)
IDs to match
Search
String (?)
Search for items that match the given terms
Search Fields
Array
Search only within the specified fields, username field is default if search query is specified
Endpoints
Array
Endpoints UUIDs
Create Endpoint Groupβ
Add a new endpoint group to the directory
POST /endpoint/v1/endpoint-groups
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Fields
String (?)
The fields to return in a partial response
Name*
String (?)
Group name
Description
String (?)
Group description
Type*
String (?)
Endpoint group types
Endpoints
Array
Endpoints UUIDs
List Endpoint Groups By Typeβ
Endpoint groups of your specified type in the directory
GET /endpoint/v1/endpoint-groups/types/{groupType}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Group Type*
String
Endpoint group type
Sort
Array
Defines how to sort the data
Fields
String (?)
The fields to return in a partial response
IDs
String (?)
IDs to match
Search
String (?)
Search for items that match the given terms
Search Fields
Array
Search only within the specified fields, username field is default if search query is specified
Endpoints
Array
Endpoints UUIDs
Get Endpoint Groupβ
Get endpoint group by ID
GET /endpoint/v1/endpoint-groups/{groupId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Endpoint Groups*
Sophos Endpoint Group
None Provided
Fields
String (?)
The fields to return in a partial response
Delete Endpoint Groupβ
Delete endpoint group
DELETE /endpoint/v1/endpoint-groups/{groupId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Endpoint Groups*
Sophos Endpoint Group
None Provided
Update Endpoint Groupβ
Update endpoint group
PATCH /endpoint/v1/endpoint-groups/{groupId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Endpoint Groups*
Sophos Endpoint Group
None Provided
Fields
String (?)
The fields to return in a partial response
Name
String (?)
New group name
Description
String (?)
Group description
List Endpoints In Groupβ
Endpoints in your specified group
GET /endpoint/v1/endpoint-groups/{groupId}/endpoints
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Endpoint Groups*
Sophos Endpoint Group
None Provided
Sort
Array
Defines how to sort the data
Fields
String (?)
The fields to return in a partial response
Search
String (?)
Search for items that match the given terms
Search Fields
Array
Search only within the specified fields, username field is default if search query is specified
Add Endpoint(S) To Groupβ
Add endpoints to your group
POST /endpoint-groups/{groupId}/endpoints
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Endpoint Groups*
Sophos Endpoint Group
None Provided
Endpoints
String (?)
List of endpoint IDs
Remove From Groupβ
Remove endpoints from a group
DELETE /endpoint-groups/{groupId}/endpoints
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Endpoint Groups*
Sophos Endpoint Group
None Provided
IDs
String (?)
Endpoint IDs
Remove Single Endpoint From Groupβ
Remove endpoint from a group
DELETE /endpoint-groups/{groupId}/endpoints/{endpointId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Endpoint Groups*
Sophos Endpoint Group
None Provided
Endpoint*
Sophos Endpoint
None Provided
Endpoint Isolation
Configure Endpoint(s) Isolation Settingsβ
Turn on or off endpoint isolation for multiple endpoints
POST /endpoint/v1/endpoints/isolation
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Enabled
String (?)
Whether Tamper Protection should be turned on for the endpoint
Comment*
String (?)
Comment indicating why the item should be allowed
IDs
String (?)
List of endpoints IDs
Get Endpoint's Isolation Settingsβ
Get isolation settings for an endpoint
GET /endpoint/v1/endpoints/{endpointId}/isolation
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Endpoint*
Sophos Endpoint
None Provided
Update Endpoint's Isolation Settingsβ
Update isolation settings for an endpoint
PATCH /endpoint/v1/endpoints/{endpointId}/isolation
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Endpoint*
Sophos Endpoint
None Provided
Enabled
String (?)
Whether Tamper Protection should be turned on for the endpoint
Comment*
String (?)
Comment indicating why the item should be allowed
Endpoints
List Endpointsβ
Get all the endpoints for the specified tenant
GET /endpoint/v1/endpoints
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Sort
Array
Defines how to sort the data
Health Status
Array
Find endpoints by health status
Type
String (?)
Find endpoints by type
Tamper Protection Enabled
String (?)
Find endpoints by whether Tamper Protection is turned on
Lockdown Status
Array
Find endpoints by lockdown status
Last Seen Before
String (?)
Find endpoints that were last seen before the given date and time (UTC) or a duration relative to the current date and time (exclusive).
Last Seen After
String (?)
Find endpoints that were last seen after the given date and time (UTC) or a duration relative to the current date and time (inclusive).
IDs
String (?)
Find endpoints with the specified IDs
Isolation Status
String
Find endpoints by isolation status
Hostname Contains
String (?)
Find endpoints where the hostname contains the given string Only the first 10 characters of the given string are matched.
Associated Person Contains
String (?)
Find endpoints where the name of the person associated with the endpoint contains the given string Only the first 10 characters of the given string are matched.
Group Name Contains
String (?)
Find endpoints where the name of the group the endpoint is in contains the given string Only the first 10 characters of the given string are matched.
Search
String (?)
Search for items that match the given terms
Search Fields
Array
Search only within the specified fields, username field is default if search query is specified
IP Addresses
Array
Find endpoints by IP addresses
Cloud
Array
Find endpoints that are cloud instances. You must use URL encoding
Fields
String (?)
The fields to return in a partial response
View
String
Type of view to be returned in response
Assigned To Group
String (?)
Whether endpoint is assigned to a group
Endpoint Groups
Array
Groups that the endpoint should be added to
MAC Addresses
Array
Find endpoints by MAC Addresses Can be in EUI-48 or EUI-64 format, case insensitive, colon, hyphen or dot separated, or with no separator e.g. 01:23:45:67:89:AB, 01-23-45-67-89-ab, 0123.4567.89ab, 0123456789ab, 01:23:45:67:89πcd:ef.
Get Endpointβ
Get an endpoint based on ID
GET /endpoint/v1/endpoints/{endpointId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Endpoint*
Sophos Endpoint
None Provided
Fields
String (?)
The fields to return in a partial response
View
String
Type of view to be returned in response
Delete Endpointβ
Deletes a specified endpoint
DELETE /endpoint/v1/endpoints/{endpointId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Endpoint*
Sophos Endpoint
None Provided
Event Journal
List Event Journal Settingsβ
Get all event journal settings
GET /endpoint/v1/settings/event-journal/{endpointType}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Endpoint Type*
String
Endpoint type
Update Event Journal Settingsβ
Update settings for event journal size and disk space limits If you specify both a maximum disk space and a maximum journal size, the lower of these limits is used
PATCH /endpoint/v1/settings/event-journal/{endpointType}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Endpoint Type*
String
Endpoint type
Use Recommended
String (?)
Shows if the recommended setting is required
Disk Space Limit In Mb
String (?)
Maximum size of the event journal (MB)
Disk Space Limit As Percentage
String
Disk space limit for the event journal (percentage). The value 0 will mean Disk space limit is not specified.
Events
Get Eventsβ
Get events with timestamps within the last 24 hours
GET /siem/v1/events
X-Tenant-ID
Sophos Tenant
None Provided
limit
String (?)
The maximum number of items to return, default is 200, max is 1000
cursor
String (?)
Identifier for next item in the list, this value is available in response as next_cursor Response will default to last 24 hours if cursor is not within last 24 hours.
from_date
String (?)
The starting date from which alerts will be retrieved defined as Unix timestamp in UTCIgnored if cursor is set. Must be within last 24 hours.
exclude_types
String (?)
The String of list of types of events to be excluded
Exploit Mitigation
List Detected Exploitsβ
Get detected exploits and the number of each detected exploit
GET /endpoint/v1/settings/exploit-mitigation/detected-exploits
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Thumbprint Not In
Array
Filter out detected exploits with these thumbprints
Get Detected Exploitβ
Get a detected exploit by ID
GET /endpoint/v1/settings/exploit-mitigation/detected-exploits/{detectedExploitId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Detected Exploit*
Sophos Detected Exploit
None Provided
List Exploit Mitigation Categoriesβ
Lists all the Exploit Mitigation categories
GET /endpoint/v1/settings/exploit-mitigation/categories
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
List Exploit Mitigation Applicationsβ
Get Exploit Mitigation settings for all protected applications
GET /endpoint/v1/settings/exploit-mitigation/applications
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Type
String (?)
Exploit Mitigation Application type
Modified
String (?)
Whether or not Exploit Mitigation Application has been customized
Add Application To Exploit Mitigation Exclusionsβ
Exclude a set of file paths from Exploit Mitigation
POST /endpoint/v1/settings/exploit-mitigation/applications
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Paths
Array
Array of absolute paths to an application file to exclude. You may use HitmanProAlert expansion variables (For example, $desktop, $programfiles). Currently, this array may contain only one application path.
Get Application's Exploit Mitigation Settingsβ
Get Exploit Mitigation settings for an application
GET /endpoint/v1/settings/exploit-mitigation/applications/{exploitMitigationApplicationId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Exploit Mitigation Application*
Sophos Exploit Mitigation Application
Exploit Mitigation application ID
Update Application Exploit Mitigation Settingsβ
Update Exploit Mitigation settings for an application
PATCH /endpoint/v1/settings/exploit-mitigation/applications/{exploitMitigationApplicationId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Exploit Mitigation Application*
Sophos Exploit Mitigation Application
Exploit Mitigation application ID
Paths
Array
Array of absolute paths to an application file to exclude. You may use HitmanProAlert expansion variables (For example, $desktop, $programfiles). Currently, this array may contain only one application path.
Remove Exploit Mitigation Applicationβ
Deletes a custom (user-defined) Exploit Mitigation application by ID. Note you can only delete custom applications A request to delete a system-detected application fails with a 409 Conflict message
DELETE /endpoint/v1/settings/exploit-mitigation/applications/{exploitMitigationApplicationId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Exploit Mitigation Application*
Sophos Exploit Mitigation Application
Exploit Mitigation application ID
Modificationβ
protected
String (?)
None Provided
settings
String (?)
None Provided
Firewall Groups
List Firewall Groupsβ
Retrieve firewall groups for a tenant
GET /firewall/v1/firewall-groups
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Recurse Subgroups
String (?)
Whether to include nested child groups or not
Search
String (?)
Search for items that match the given terms
Search Fields
Array
Search only within the specified fields, username field is default if search query is specified
Create Firewall Groupβ
Create firewall group
POST /firewall/v1/firewall-groups
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Name
String (?)
Group name
Config Import Source Firewall
String (?)
ID for the firewall you're importing configuration settings from
Assign Firewalls
Array
IDs for the firewalls you're adding to the group
Firewall Group
Sophos Firewall Group
None Provided
Update Firewall Groupβ
Change firewall group name. You can also assign firewalls to the group. Or remove firewalls from a group
PATCH /firewall/v1/firewall-groups/{groupId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Firewall Group*
Sophos Firewall Group
None Provided
Name
String (?)
New group name
Assign Firewalls
Array
IDs for the firewalls you're adding to the group
Unassign Firewalls
Array
IDs for the firewalls you're removing from group
Delete Firewall Groupβ
Delete the firewall group using its ID
DELETE /firewall/v1/firewall-groups/{groupId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Firewall Group*
Sophos Firewall Group
None Provided
List Firewall Group Sync Statusβ
Synchronization status for the firewalls in a group
GET /firewall/v1/firewall-groups/{groupId}/firewalls/sync-status
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Firewall Group*
Sophos Firewall Group
None Provided
IDs
String (?)
None Provided
Firewalls
List Firewallsβ
List of firewalls
GET /firewall/v1/firewalls
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Firewall Group
Sophos Firewall Group
None Provided
Search
String (?)
Search for items that match the given terms
Update Firewallβ
Update firewalls with supplied values
PATCH /firewall/v1/firewalls/{firewallId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Firewall*
Sophos Firewall
None Provided
Name
String (?)
Firewall name
Delete Firewallβ
Delete firewall using its ID
DELETE /firewall/v1/firewalls/{firewallId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Firewall*
Sophos Firewall
None Provided
Run Firewall Actionβ
Action you want to do to a firewall
POST /firewall/v1/firewalls/{firewallId}/action
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Firewall*
Sophos Firewall
None Provided
Action
String (?)
Actions that you can perform on these alerts
Check Firmwareβ
Check firmware for firewalls
POST /firewall/v1/firewalls/actions/firmware-upgrade-check
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Firewalls
Array
None Provided
Upgrade Firewallβ
Upgrade firewalls
POST /firewall/v1/firewalls/actions/firmware-upgrade
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Firewalls*
Array
None Provided
Cancel Scheduled Firewall Upgradeβ
Cancel scheduled upgrade for a firewall
DELETE /firewall/v1/firewalls/actions/firmware-upgrade
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Firewalls*
String (?)
None Provided
Geolocationβ
latitude
String (?)
None Provided
longitude
String (?)
None Provided
Global Tamper Protection
Check Global Tamper Protection Settingβ
Check whether Tamper Protection is turned on globally
GET /endpoint/v1/settings/tamper-protection
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Intrusion Prevention
List Intrusion Prevention Exclusionsβ
Get all Intrusion Prevention exclusions
GET /endpoint/v1/settings/exclusions/intrusion-prevention
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Add Intrusion Prevention Exclusionβ
Add a new Intrusion Prevention exclusion
POST /endpoint/v1/settings/exclusions/intrusion-prevention
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Local Ports
Array
Local protected ports
Remote Ports
Array
Remote protected ports
True True| required | | None Provided | | Direction | String (?) | Direction property of the intrusion prevention exclusion | | Remote Addresses | String (?) | Array of remote addresses for the intrusion prevention exclusion | | Comment* | String (?) | Comment indicating why the item should be allowed |
Get Intrusion Prevention Exclusionβ
Get an Intrusion Prevention exclusion by ID
GET /endpoint/v1/settings/exclusions/intrusion-prevention/{exclusionId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Intrusions Exclusion*
Sophos Intrusions Exclusion
Exclusion ID
Remove Intrusion Prevention Exclusionβ
Delete an Intrusion Prevention exclusion by ID
DELETE /endpoint/v1/settings/exclusions/intrusion-prevention/{exclusionId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Intrusions Exclusion*
Sophos Intrusions Exclusion
Exclusion ID
Update Intrusion Prevention Exclusionβ
Update an Intrusion Prevention exclusion by ID
PATCH /endpoint/v1/settings/exclusions/intrusion-prevention/{exclusionId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Intrusions Exclusion*
Sophos Intrusions Exclusion
Exclusion ID
Local Ports
Array
Local protected ports
Remote Ports
Array
Remote protected ports
Direction
String (?)
Direction property of the intrusion prevention exclusion
Remote Addresses
String (?)
Array of remote addresses for the intrusion prevention exclusion
Comment*
String (?)
Comment indicating why the item should be allowed
Isolation Exclusions
List Isolation Exclusionsβ
Get all isolation exclusions
GET /endpoint/v1/settings/exclusions/isolation
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Create Isolation Exclusionβ
Adds a new Isolation exclusion
POST /endpoint/v1/settings/exclusions/isolation
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Local Ports
Array
Local protected ports
Remote Ports
Array
Remote protected ports
True True| required | | None Provided | | Direction | String (?) | Direction property of the intrusion prevention exclusion | | Remote Addresses | String (?) | Array of remote addresses for the intrusion prevention exclusion | | Comment* | String (?) | Comment indicating why the item should be allowed |
Get Isolation Exclusionβ
Get a single Isolation exclusion by ID
GET /endpoint/v1/settings/exclusions/isolation/{exclusionId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Isolation Exclusion*
Sophos Isolation Exclusion
Exclusion ID
Delete Isolation Exclusionβ
Deletes an Isolation exclusion
DELETE /endpoint/v1/settings/exclusions/isolation/{exclusionId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Isolation Exclusion*
Sophos Isolation Exclusion
Exclusion ID
Update Isolation Exclusionβ
Updates an Isolation exclusion by ID
PATCH /endpoint/v1/settings/exclusions/isolation/{exclusionId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Isolation Exclusion*
Sophos Isolation Exclusion
Exclusion ID
Local Ports
Array
Local protected ports
Remote Ports
Array
Remote protected ports
Direction
String (?)
Direction property of the intrusion prevention exclusion
Remote Addresses
String (?)
Array of remote addresses for the intrusion prevention exclusion
Comment*
String (?)
Comment indicating why the item should be allowed
Migrations
List Migrationsβ
Gets all migration jobs for the tenant
GET /endpoint/v1/migrations
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Mode
String
Filter migration jobs by sending or receiving mode
Start Receiving Migration Jobβ
Start a migration job in the receiving tenant
POST /endpoint/v1/migrations
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
From Tenant
String (?)
Sending tenant
Endpoints
Array
Endpoints UUIDs
Get Migration Jobβ
Get a single migration job
GET /endpoint/v1/migrations/{migrationJobId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Migration Job*
Sophos Migration Job
Migration job ID
Start Starting Migration Jobβ
Start a migration job in the sending tenant
PUT /endpoint/v1/migrations/{migrationJobId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Migration Job*
Sophos Migration Job
Migration job ID
Token
String (?)
Job token
Endpoints
Array
Endpoints UUIDs
List Migration Endpoint Statusesβ
Gets the status of endpoints that are being migrated
GET /endpoint/v1/migrations/{migrationJobId}/endpoints
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Migration Job*
Sophos Migration Job
Migration job ID
Packages
List Recommended Packagesβ
Get all Sophos Recommended packages for the tenant
GET /endpoint/v1/software/packages/recommended
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
List Static Packagesβ
Get all static packages available for the tenant
GET /endpoint/v1/software/packages/static
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Sort
Array
Defines how to sort the data
Endpoint Type*
String
Endpoint type
Platform
String
Filter to the platform of the static package
Type
String (?)
Show the type of static package
Expires From
String (?)
Show static packages that expire on or after this date (inclusive)
Expires To
String (?)
Show static packages that expire before this date (exclusive)
Released From
String (?)
Show static packages that were released on or after this date (inclusive)
Released To
String (?)
Show static packages that were released before this date (exclusive)
Get Static Packageβ
Get an individual static package
GET /endpoint/v1/software/packages/static/{staticPackageId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Static Packages*
Sophos Static Package
None Provided
Add Packageβ
Add a package by token, supplied by Sophos support. This is a one-way operation
POST /endpoint/v1/software/packages/static/{staticPackageId}/add
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Static Packages*
Sophos Static Package
None Provided
List Static Package Commentsβ
Get all software comments
GET /endpoint/v1/software/comments
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Get Static Package Commentβ
Get the static package comment
GET /endpoint/v1/software/comments/{staticPackageId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Static Packages*
Sophos Static Package
None Provided
Update Static Package Commentβ
Add/Update the static package comment
PUT /endpoint/v1/software/comments/{staticPackageId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Static Packages*
Sophos Static Package
None Provided
Comment*
String (?)
Comment indicating why the item should be allowed
Delete Static Package Commentβ
Delete the static package comment
DELETE /endpoint/v1/software/comments/{staticPackageId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Static Packages*
Sophos Static Package
None Provided
Partner Admins
List Partner Adminsβ
List all partner admins
GET /partner/v1/admins
X-Partner-ID*
String (?)
Partner ID
Sort
Array
Defines how to sort the data
Fields
String (?)
The fields to return in a partial response
Search
String (?)
Search for items that match the given terms
String (?)
None Provided
Partner Role
Sophos Partner Role
Role ID
With Access To Tenant
String (?)
Search for admins that have access to the given tenant
Create Partner Adminβ
Create a new partner administrator
POST /partner/v1/admins
X-Partner-ID*
String (?)
Partner ID
Username
String (?)
Administrator username (email)
Get Partner Adminβ
Get partner administrator details by ID
GET /partner/v1/admins/{adminId}
X-Partner-ID*
String (?)
Partner ID
Partner Admin*
Sophos Partner Admin
Admin ID
List All Partner Rolesβ
Get the list of role assignments for a given admin
GET /partner/v1/admins/{adminId}/role-assignments
X-Partner-ID*
String (?)
Partner ID
Partner Admin*
Sophos Partner Admin
Admin ID
Assign A Partner Admin Roleβ
Assign a role to a partner administrator
POST /partner/v1/admins/{adminId}/role-assignments
X-Partner-ID*
String (?)
Partner ID
Partner Admin*
Sophos Partner Admin
Admin ID
Partner Role*
Sophos Partner Role
Role ID
Get Partner Admin Role Assignmentβ
Get partner administrator role assignment by ID
GET /partner/v1/admins/{adminId}/role-assignments/{assignmentId}
X-Partner-ID*
String (?)
Partner ID
Partner Admin*
Sophos Partner Admin
Admin ID
Partner Role Assignment*
Sophos Partner Role Assignment
Role Assignment ID
Remove A Partner Admin Role Assignmentβ
Remove role assignment from a partner admin
DELETE /partner/v1/admins/{adminId}/role-assignments/{assignmentId}
X-Partner-ID*
String (?)
Partner ID
Partner Admin*
Sophos Partner Admin
Admin ID
Partner Role Assignment*
Sophos Partner Role Assignment
Role Assignment ID
Profileβ
Name
String (?)
Full name
firstName
String (?)
None Provided
lastName
String (?)
None Provided
phone
String (?)
None Provided
mobile
String (?)
None Provided
fax
String (?)
None Provided
Partnerroleassignmentβ
roleId
String (?)
Role UUID
Scopeβ
Type*
String
Role assignment scope type
Tenant
String (?)
Tenant ID. Optional when type is allManagedTenants or self
Partner Billing
List Partner Usage Reportβ
Gets a partner usage report for a particular month and year
GET /partner/v1/billing/usage/{year}/{month}
X-Partner-ID
String (?)
Partner ID
Month*
String (?)
Month of the year
Year*
String (?)
Year
Fields
String (?)
The fields to return in a partial response
Contact Email
String (?)
Tenant email for contact
Tenant*
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Partner Role Management
List Partner Rolesβ
List all partner roles
GET /partner/v1/roles
X-Partner-ID
String (?)
Partner ID
Type
String (?)
Role type
Principal Type
String
Principal type of role
Fields
String (?)
The fields to return in a partial response
Create Partner Roleβ
Create a new partner role
POST /partner/v1/roles
X-Partner-ID
String (?)
Partner ID
Fields
String (?)
The fields to return in a partial response
Name
String (?)
Role name
Description
String (?)
Group description
Principal Type
String
Principal type of role
Permission Sets
String (?)
List of permission sets
Get Partner Roleβ
Get a partner role by ID
GET /partner/v1/roles/{roleId}
X-Partner-ID
String (?)
Partner ID
Partner Role*
Sophos Partner Role
Role ID
Fields
String (?)
The fields to return in a partial response
Delete Partner Roleβ
Delete a partner role by ID
DELETE /partner/v1/roles/{roleId}
X-Partner-ID
String (?)
Partner ID
Partner Role*
Sophos Partner Role
Role ID
Update Partner Roleβ
Update an existing partner role
PATCH /partner/v1/roles/{roleId}
X-Partner-ID
String (?)
Partner ID
Partner Role*
Sophos Partner Role
Role ID
Fields
String (?)
The fields to return in a partial response
Name
String (?)
Role name
Description
String (?)
Group description
Permission Sets
String (?)
List of permission sets
Get Partner Role Permission Setsβ
Get permission set details for a Partner Role
GET /partner/v1/roles/permission-sets
X-Partner-ID
String (?)
Partner ID
Fields
String (?)
The fields to return in a partial response
Type
String (?)
Permission set type
Product
Array
Alerts for a product. You can query by product types
Access
String
Access level of permission set
Allowed In Custom Role
String (?)
Filter permissions sets allowed in custom roles
Principal Type
String
Principal type of role
Peripheral Control
List Peripheralsβ
Get all the peripherals
GET /endpoint/v1/settings/peripheral-control/peripherals
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Last Seen After
String (?)
Find endpoints that were last seen after the given date and time (UTC) or a duration relative to the current date and time (inclusive).
Type
String (?)
One or more peripheral types to include
Get Peripheralβ
Get a peripheral by ID
GET /endpoint/v1/settings/peripheral-control/peripherals/{peripheralId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Peripheral*
Sophos Peripheral
None Provided
Policy Management
List Policiesβ
List the policies of a tenant
GET /endpoint/v1/policies
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Policy Type
String
Policy type
Fields
String (?)
The fields to return in a partial response
Create Policyβ
Create a new policy
POST /endpoint/v1/policies
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Name*
String (?)
Policy name
Type*
String (?)
Policy type
Priority*
String (?)
Policy priority
Enabled
String (?)
Whether Tamper Protection should be turned on for the endpoint
Disable At*
String (?)
When the policy should be turned off
Applies To*
String (?)
None Provided
Settings
String (?)
Settings for this object
Get Policy Setting Metadataβ
Get a list of metadata for the policy settings
GET /endpoint/v1/policies/settings
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Policy Type
String
Policy type
Get Policyβ
Gets a policy's details
GET /endpoint/v1/policies/{policyId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Policy*
Sophos Policy
None Provided
Update Policyβ
Update policy. Note you can only change the settings for a base policy
PATCH /endpoint/v1/policies/{policyId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Policy*
Sophos Policy
None Provided
Name
String (?)
Policy name
Priority*
String (?)
Policy priority
Enabled
String (?)
Whether Tamper Protection should be turned on for the endpoint
Disable At*
String (?)
When the policy should be turned off
Applies To*
String (?)
None Provided
Settings
String (?)
Settings for this object
Delete Policyβ
Deletes a policy
DELETE /endpoint/v1/policies/{policyId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Policy*
Sophos Policy
None Provided
List Policy Settingsβ
Gets a list of policy settings
GET /endpoint/v1/policies/{policyId}/settings
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Policy*
Sophos Policy
None Provided
Update Policy Settingsβ
Updates policy settings
PATCH /endpoint/v1/policies/{policyId}/settings
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Policy*
Sophos Policy
None Provided
ordereddict([('description', 'Keys have specific names documented here'), ('type', 'object'), ('x-anchor-description', 'JSON Schema object data type')])
Reset All Settings For A Policyβ
Reset policy settings
POST /endpoint/v1/policies/{policyId}/settings/reset
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Policy*
Sophos Policy
None Provided
Get Policy Setting Valueβ
Get the value of a setting key in a policy
GET /endpoint/v1/policies/{policyId}/settings/{settingKey}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Policy*
Sophos Policy
None Provided
Setting Key*
String (?)
Setting key
Reset Single Policy Settingβ
Reset a setting to its default value
POST /endpoint/v1/policies/{policyId}/settings/{settingKey}/reset
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Policy*
Sophos Policy
None Provided
Setting Key*
String (?)
Setting key
Clone Policyβ
Clone a policy
POST /endpoint/v1/policies/{policyId}/clone
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Policy*
Sophos Policy
None Provided
Name
String (?)
Name of the newly cloned policy
Get Base Policyβ
Get base policy for a policy type
GET /endpoint/v1/policies/{policyType}/base
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Policy Type*
String
Policy type
Update Base Policyβ
Update base policy. Note that only settings can be changed
PATCH /endpoint/v1/policies/{policyType}/base
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Policy Type*
String
Policy type
Settings
String (?)
Settings for this object
Get Base Policy Settingsβ
Get settings of the base policy for a policy type
GET /endpoint/v1/policies/{policyType}/base/settings
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Policy Type*
String
Policy type
Update Base Policy Settingsβ
Update settings in the base policy for a policy type
PATCH /endpoint/v1/policies/{policyType}/base/settings
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Policy Type*
String
Policy type
ordereddict([('description', 'Keys have specific names documented here'), ('type', 'object'), ('x-anchor-description', 'JSON Schema object data type')])
Reset Base Policy Settingsβ
Reset the settings in a base policy
POST /endpoint/v1/policies/{policyType}/base/settings/reset
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Policy Type*
String
Policy type
Get Base Policy Settingβ
Get the value of a setting in the base policy for a policy type
GET /endpoint/v1/policies/{policyType}/base/settings/{settingKey}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Policy Type*
String
Policy type
Setting Key*
String (?)
Setting key
Update Base Policy Settingβ
Update a setting in the base policy
PATCH /endpoint/v1/policies/{policyType}/base/settings/{settingKey}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Policy Type*
String
Policy type
Setting Key*
String (?)
Setting key
Reset Setting In Base Policyβ
Reset a setting in the base policy to its default value
POST /endpoint/v1/policies/{policyType}/base/settings/{settingKey}/reset
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Policy Type*
String
Policy type
Setting Key*
String (?)
Setting key
Clone Base Policyβ
Clone a new policy from the base policy for a policy type
POST /endpoint/v1/policies/{policyType}/base/clone
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Policy Type*
String
Policy type
Name
String (?)
Name of the newly cloned policy
Scanning Exclusions
List Scanning Exclusionsβ
List scanning exclusions
GET /endpoint/v1/settings/exclusions/scanning
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Type
String (?)
Scanning Exclusion type
Add Scanning Exclusionβ
Add a new scanning exclusion
POST /endpoint/v1/settings/exclusions/scanning
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Value*
String (?)
Exclusion value
Type*
String (?)
Scanning exclusion type
Scan Mode*
String (?)
Default value of scan mode is \"onDemandAndOnAccess\" for exclusions of type path, posixPath and virtualPath, \"onAccess\" for process, web, pua, amsi. Behavioral and Detected Exploits (exploitMitigation) type exclusions do not support a scan mode.
Comment*
String (?)
Comment indicating why the item should be allowed
Get Scanning Exclusionβ
Get a scanning exclusion by ID
GET /endpoint/v1/settings/exclusions/scanning/{exclusionId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Scanning Exclusion*
Sophos Scanning Exclusion
Exclusion ID
Update Scanning Exclusionβ
Update a scanning exclusion by ID
PATCH /endpoint/v1/settings/exclusions/scanning/{exclusionId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Scanning Exclusion*
Sophos Scanning Exclusion
Exclusion ID
Value*
String (?)
Exclusion value
Scan Mode*
String (?)
Default value of scan mode is \"onDemandAndOnAccess\" for exclusions of type path, posixPath and virtualPath, \"onAccess\" for process, web, pua, amsi. Behavioral and Detected Exploits (exploitMitigation) type exclusions do not support a scan mode.
Comment*
String (?)
Comment indicating why the item should be allowed
Delete Scanning Exclusionβ
Deletes a scanning exclusion
DELETE /endpoint/v1/settings/exclusions/scanning/{exclusionId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Scanning Exclusion*
Sophos Scanning Exclusion
Exclusion ID
Scans
Scan Endpointβ
Sends a request to the specified endpoint to perform or configure a scan
POST /endpoint/v1/endpoints/{endpointId}/scans
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Endpoint*
Sophos Endpoint
None Provided
ordereddict([('description', 'Request to configure or perform a scan on the endpoint'), ('type', 'object'), ('x-anchor-description', 'JSON Schema object data type')])
Tamper Protection
Get Endpoint's Tamper Protection Settingsβ
Get Tamper Protection settings for a specified endpoint
GET /endpoint/v1/endpoints/{endpointId}/tamper-protection
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Endpoint*
Sophos Endpoint
None Provided
Update Endpoint Tamper Protection Settingsβ
Turns Tamper Protection on or off on an endpoint. Or generates a new Tamper Protection password Note that Tamper Protection can be turned on for an endpoint only if it has also been turned on globally.
POST /endpoint/v1/endpoints/{endpointId}/tamper-protection
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Endpoint*
Sophos Endpoint
None Provided
Enabled
String (?)
Whether Tamper Protection should be turned on for the endpoint
Regenerate Password
String (?)
Whether a new Tamper Protection password should be generated
Tenant Access
List Tenant Adminsβ
List all tenant admins
GET /common/v1/admins
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Sort
Array
Defines how to sort the data
Fields
String (?)
The fields to return in a partial response
Search
String (?)
Search for items that match the given terms
Search Fields
Array
Search only within the specified fields, username field is default if search query is specified
Tenant Role
Sophos Tenant Role
Role ID
Create Tenant Adminβ
Create a tenant admin from a directory user
POST /common/v1/admins
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Fields
String (?)
The fields to return in a partial response
User
Sophos User
None Provided
Get Tenant Adminβ
Get admin details by ID
GET /common/v1/admins/{adminId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Tenant Admin*
Sophos Tenant Admin
Admin ID
Fields
String (?)
The fields to return in a partial response
Delete Tenant Adminβ
Remove an admin by ID
DELETE /common/v1/admins/{adminId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Tenant Admin*
Sophos Tenant Admin
Admin ID
List All Roles For Adminβ
Get the list of role assignments for a given admin
GET /common/v1/admins/{adminId}/role-assignments
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Tenant Admin*
Sophos Tenant Admin
Admin ID
Assign A Role To A Tenant Adminβ
Assign a role of principal type "user" to a tenant admin Any existing assignment is overridden
POST /common/v1/admins/{adminId}/role-assignments
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Tenant Admin*
Sophos Tenant Admin
Admin ID
Tenant Role
Sophos Tenant Role
Role ID
Get Specific Tenant Admin's Role Informationβ
Get tenant admin role assignment information by ID
GET /common/v1/admins/{adminId}/role-assignments/{assignmentId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Tenant Admin*
Sophos Tenant Admin
Admin ID
Tenant Role Assignment*
Sophos Tenant Role Assignment
Role Assignment ID
Remove Tenant Admin Role Assignmentβ
Remove role assignment from an admin account
DELETE /common/v1/admins/{adminId}/role-assignments/{assignmentId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Tenant Admin*
Sophos Tenant Admin
Admin ID
Tenant Role Assignment*
Sophos Tenant Role Assignment
Role Assignment ID
Role Assignmentβ
roleId
String (?)
Role UUID
Tenant Role Management
List Tenant Rolesβ
List all roles in the tenant
GET /common/v1/roles
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Type
String (?)
Role type
Principal Type
String
Principal type of role
Fields
String (?)
The fields to return in a partial response
Create Tenant Roleβ
Create a new tenant role
POST /common/v1/roles
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Fields
String (?)
The fields to return in a partial response
Name
String (?)
Role name
Description
String (?)
Group description
Principal Type
String
Principal type of role
Permission Sets
String (?)
List of permission sets
Get Tenant Roleβ
Get Tenant Role by ID
GET /common/v1/roles/{roleId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Tenant Role*
Sophos Tenant Role
Role ID
Fields
String (?)
The fields to return in a partial response
Delete Tenant Roleβ
Delete a tenant role by ID
DELETE /common/v1/roles/{roleId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Tenant Role*
Sophos Tenant Role
Role ID
Update Tenant Roleβ
Update an existing tenant role
PATCH /common/v1/roles/{roleId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Tenant Role*
Sophos Tenant Role
Role ID
Fields
String (?)
The fields to return in a partial response
Name
String (?)
Role name
Description
String (?)
Group description
Permission Sets
String (?)
List of permission sets
List Tenant Role Permission Setsβ
Get permission set details for roles
GET /common/v1/roles/permission-sets
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Fields
String (?)
The fields to return in a partial response
Type
String (?)
Permission set type
Product
Array
Alerts for a product. You can query by product types
Access
String
Access level of permission set
Allowed In Custom Role
String (?)
Filter permissions sets allowed in custom roles
Principal Type
String
Principal type of role
Tenants
Create Tenantβ
Create a new tenant
POST /partner/v1/tenants
X-Partner-ID
String (?)
Partner ID
Fields
String (?)
The fields to return in a partial response
Show As
String (?)
Tenant display name
True True| required | | None Provided | | Name* | String (?) | Tenant name. This cannot be changed after the tenant has been created | | Data Geography | String (?) | Geographical location where the tenant data is stored | | Billing Type | String (?) | Billing type |
List Tenantsβ
List all the tenants for a partner
GET /partner/v1/tenants
X-Partner-ID
String (?)
Partner ID
Fields
String (?)
The fields to return in a partial response
Get Tenantβ
Get a tenant by ID
GET /partner/v1/tenants/{tenantId}
X-Partner-ID
String (?)
Partner ID
Tenant*
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Fields
String (?)
The fields to return in a partial response
Contactβ
firstName
String (?)
None Provided
lastName
String (?)
None Provided
String (?)
None Provided
phone
String (?)
None Provided
mobile
String (?)
None Provided
fax
String (?)
None Provided
address
String (?)
None Provided
Update Checks
Request Endpoint Update Checkβ
Sends a request to the endpoint to check for Sophos management agent software updates
POST /endpoint/v1/endpoints/{endpointId}/update-checks
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Endpoint*
Sophos Endpoint
None Provided
ordereddict([('description', 'Request to the endpoint to check for updates to the Sophos agent software and protection data'), ('type', 'object'), ('x-anchor-description', 'JSON Schema object data type')])
Web Controls
List Local Sitesβ
Get all sites for the tenant
GET /endpoint/v1/settings/web-control/local-sites
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Add Local Site Exclusionβ
Adds a new local site to your exclusions
POST /endpoint/v1/settings/web-control/local-sites
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Website Category
Sophos Website Category
Category associated with this local site.
Tags
Array
Array of tags associated with this local site setting. Either categoryId or tags must be provided
True True| required | | None Provided | | URL | String (?) | None Provided | | Comment* | String (?) | Comment indicating why the item should be allowed |
Get Local Siteβ
Get a local site by ID
GET /endpoint/v1/settings/web-control/local-sites/{localSiteId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Local Site*
String (?)
Local site ID
Update Local Siteβ
Update a local site definition
PATCH /endpoint/v1/settings/web-control/local-sites/{localSiteId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Local Site*
String (?)
Local site ID
Website Category
Sophos Website Category
Category associated with this local site.
Tags
Array
Array of tags associated with this local site setting. Either categoryId or tags must be provided
URL
String (?)
None Provided
Comment*
String (?)
Comment indicating why the item should be allowed
Delete Local Siteβ
Deletes the specified local site
DELETE /endpoint/v1/settings/web-control/local-sites/{localSiteId}
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Local Site*
String (?)
Local site ID
List Web Categoriesβ
Get all Web Control categories
GET /endpoint/v1/settings/web-control/categories
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
List SSL/Tls Settingsβ
Get settings for SSL/TLS decryption of HTTPS websites
GET /endpoint/v1/settings/web-control/tls-decryption
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Update SSL/Tls Settingsβ
Update settings for SSL/TLS decryption of HTTPS websites
PATCH /endpoint/v1/settings/web-control/tls-decryption
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Enabled
String (?)
Whether Tamper Protection should be turned on for the endpoint
List SSL/Tls Excluded Sitesβ
List of websites excluded from SSL/TLS decryption
GET /endpoint/v1/settings/web-control/tls-decryption/excluded-websites
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Update SSL/Tls Exclusionsβ
Add and remove websites excluded from SSL/TLS decryption
PATCH /endpoint/v1/settings/web-control/tls-decryption/excluded-websites
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Clear SSL/Tls Website Exclusionsβ
Clears the list of websites excluded from SSL/TLS decryption
DELETE /endpoint/v1/settings/web-control/tls-decryption/excluded-websites
Tenant
Sophos Tenant
The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Categoryβ
id
String (?)
Web decryption category ID matching the Web Control categories
decryptionEnabled
String (?)
Whether web decryption is enabled on websites in this category
Websitestoaddβ
value
String (?)
Website IP address, IP address range or domain
comment
String (?)
Comment indicating why the site was excluded
Removeβ
value
String (?)
Website IP address, IP address range or domain
comment
String (?)
Comment indicating why the site was excluded
Last updated
