Sophos Integration Setup

Integrating Rewst with Sophos brings robust cybersecurity capabilities to your Rewst workflows, enhancing data protection and threat management. With the integration, Rewst users can leverage Sophos' advanced security solutions to strengthen their defense against cyber threats. This includes features such as malware detection, ransomware protection, network security, and endpoint protection. By integrating Sophos into Rewst, users can enhance their security posture, mitigate risks, and safeguard sensitive data. The integration empowers users to proactively manage their cybersecurity within the Rewst platform, ensuring a secure environment for their operations and protecting against evolving threats.

Setup

To set up the Sophos Integration, you'll need to do the following:

  1. Navigate to the Global Settings of Sophos and locate the API Credentials Management section.

  2. Click on the "Add Credential" button to initiate the process of adding a new credential.

  3. Provide a name and description for the credential to identify and distinguish it from others.

  4. Choose the role that will be assigned to this credential. The available roles to choose from can be viewed here.

  5. Navigate to the integrations page in Rewst.

  6. Click on the Sophos integration.

  7. Fill out the integration form.

  8. Submit the form.

We'll run a quick test to ensure that the credentials are valid and that we can successfully connect to the Sophos API.

Actions

Alerts

List Alerts​

List alerts matching specified criteria

GET /common/v1/alerts

Get Alert​

Get details of a specific alert

GET /common/v1/alerts/{alertId}

Take Action On Alert​

Take an action on a specific alert

POST /common/v1/alerts/{alertId}/actions

Allowed Items

List Exemptions​

Get all allowed items from settings

GET /endpoint/v1/settings/allowed-items

Create Exemption​

Exempt an item from conviction

POST /endpoint/v1/settings/allowed-items

Get Exemption​

Get an exemption by ID

GET /endpoint/v1/settings/allowed-items/{allowedItemId}

Update Exemption​

Update an exemption

PATCH /endpoint/v1/settings/allowed-items/{allowedItemId}

Delete Exemption​

Deletes the specified exemption

DELETE /endpoint/v1/settings/allowed-items/{allowedItemId}


Blocked Items

List Quarantined Items​

Get all blocked items

GET /endpoint/v1/settings/blocked-items

Add Item To Quarantine​

Block an item from exoneration

POST /endpoint/v1/settings/blocked-items

Get Quarantined Item​

Get a blocked item by ID

GET /endpoint/v1/settings/blocked-items/{blockedItemId}

Delete From Quarantine​

Deletes the specified blocked item

DELETE /endpoint/v1/settings/blocked-items/{blockedItemId}


Directory Management

List Users​

List users in the directory

GET /common/v1/directory/users

Create User​

Add a new user to the directory

POST /common/v1/directory/users

Get User​

Get a user by ID

GET /common/v1/directory/users/{userId}

Delete User​

Delete a user by ID

DELETE /common/v1/directory/users/{userId}

Update User​

Update an existing user

PATCH /common/v1/directory/users/{userId}

List User Groups​

List user groups in the directory

GET /common/v1/directory/user-groups

Create User Group​

Add a new group to the directory

POST /common/v1/directory/user-groups

Get User Group​

Get a user group by ID

GET /common/v1/directory/user-groups/{groupId}

Delete User Group​

Deletes the specified user group. The group must be empty.

DELETE /common/v1/directory/user-groups/{groupId}

Update User Group​

Update a user group

PATCH /common/v1/directory/user-groups/{groupId}

Get User Group Membership​

List groups that a user belongs to

GET /common/v1/directory/users/{userId}/groups

Add User To Group(S)​

Add a user to multiple groups

POST /common/v1/directory/users/{userId}/groups

Remove User From Group(S)​

Remove a user from multiple groups

DELETE /common/v1/directory/users/{userId}/groups

List Users In Group​

List users in the specified group

GET /common/v1/directory/user-groups/{groupId}/users

Add User(S) To Group​

Add multiple users to the specified group

POST /common/v1/directory/user-groups/{groupId}/users

Remove User(S) From Group​

Remove multiple users from a group

DELETE /common/v1/directory/user-groups/{groupId}/users

Downloads

Get all the endpoint installer links for a tenant

GET /endpoint/v1/downloads

Endpoint Groups Management

List Endpoint Groups​

Endpoint groups in the directory

GET /endpoint/v1/endpoint-groups

Create Endpoint Group​

Add a new endpoint group to the directory

POST /endpoint/v1/endpoint-groups

List Endpoint Groups By Type​

Endpoint groups of your specified type in the directory

GET /endpoint/v1/endpoint-groups/types/{groupType}

Get Endpoint Group​

Get endpoint group by ID

GET /endpoint/v1/endpoint-groups/{groupId}

Delete Endpoint Group​

Delete endpoint group

DELETE /endpoint/v1/endpoint-groups/{groupId}

Update Endpoint Group​

Update endpoint group

PATCH /endpoint/v1/endpoint-groups/{groupId}

List Endpoints In Group​

Endpoints in your specified group

GET /endpoint/v1/endpoint-groups/{groupId}/endpoints

Add Endpoint(S) To Group​

Add endpoints to your group

POST /endpoint/v1/endpoint-groups/{groupId}/endpoints

Remove From Group​

Remove endpoints from a group

DELETE /endpoint/v1/endpoint-groups/{groupId}/endpoints

Remove Single Endpoint From Group​

Remove endpoint from a group

DELETE /endpoint/v1/endpoint-groups/{groupId}/endpoints/{endpointId}

Endpoint Isolation

Configure Endpoint(s) Isolation Settings​

Turn on or off endpoint isolation for multiple endpoints

POST /endpoint/v1/endpoints/isolation

Get Endpoint's Isolation Settings​

Get isolation settings for an endpoint

GET /endpoint/v1/endpoints/{endpointId}/isolation

Update Endpoint's Isolation Settings​

Update isolation settings for an endpoint

PATCH /endpoint/v1/endpoints/{endpointId}/isolation

Endpoints

List Endpoints​

Get all the endpoints for the specified tenant

GET /endpoint/v1/endpoints

Get Endpoint​

Get an endpoint based on ID

GET /endpoint/v1/endpoints/{endpointId}

Delete Endpoint​

Deletes a specified endpoint

DELETE /endpoint/v1/endpoints/{endpointId}

Event Journal

List Event Journal Settings​

Get all event journal settings

GET /endpoint/v1/settings/event-journal/{endpointType}

Update Event Journal Settings​

Update settings for event journal size and disk space limits. If you specify both a maximum disk space and a maximum journal size, the lower of these limits is used.

PATCH /endpoint/v1/settings/event-journal/{endpointType}

Events

Get Events​

Get events with timestamps within the last 24 hours

GET /siem/v1/events

Exploit Mitigation

List Detected Exploits​

Get detected exploits and the number of each detected exploit

GET /endpoint/v1/settings/exploit-mitigation/detected-exploits

Get Detected Exploit​

Get a detected exploit by ID

GET /endpoint/v1/settings/exploit-mitigation/detected-exploits/{detectedExploitId}

List Exploit Mitigation Categories​

Lists all the Exploit Mitigation categories

GET /endpoint/v1/settings/exploit-mitigation/categories

List Exploit Mitigation Applications​

Get Exploit Mitigation settings for all protected applications

GET /endpoint/v1/settings/exploit-mitigation/applications

Add Application To Exploit Mitigation Exclusions​

Exclude a set of file paths from Exploit Mitigation

POST /endpoint/v1/settings/exploit-mitigation/applications

Get Application's Exploit Mitigation Settings​

Get Exploit Mitigation settings for an application

GET /endpoint/v1/settings/exploit-mitigation/applications/{exploitMitigationApplicationId}

Update Application Exploit Mitigation Settings​

Update Exploit Mitigation settings for an application

PATCH /endpoint/v1/settings/exploit-mitigation/applications/{exploitMitigationApplicationId}

Remove Exploit Mitigation Application​

Deletes a custom (user-defined) Exploit Mitigation application by ID. Note that you can only delete custom applications; a request to delete a system-detected application fails with a 409 Conflict message.

DELETE /endpoint/v1/settings/exploit-mitigation/applications/{exploitMitigationApplicationId}


Firewall Groups

List Firewall Groups​

Retrieve firewall groups for a tenant

GET /firewall/v1/firewall-groups

Create Firewall Group​

Create firewall group

POST /firewall/v1/firewall-groups

Update Firewall Group​

Change the firewall group name. You can also assign firewalls to the group or remove firewalls from it.

PATCH /firewall/v1/firewall-groups/{groupId}

Delete Firewall Group​

Delete the firewall group using its ID

DELETE /firewall/v1/firewall-groups/{groupId}

List Firewall Group Sync Status​

Synchronization status for the firewalls in a group

GET /firewall/v1/firewall-groups/{groupId}/firewalls/sync-status

Firewalls

List Firewalls​

List of firewalls

GET /firewall/v1/firewalls

Update Firewall​

Update firewalls with supplied values

PATCH /firewall/v1/firewalls/{firewallId}

Delete Firewall​

Delete firewall using its ID

DELETE /firewall/v1/firewalls/{firewallId}

Run Firewall Action​

Action you want to do to a firewall

POST /firewall/v1/firewalls/{firewallId}/action

Check Firmware​

Check firmware for firewalls

POST /firewall/v1/firewalls/actions/firmware-upgrade-check

Upgrade Firewall​

Upgrade firewalls

POST /firewall/v1/firewalls/actions/firmware-upgrade

Cancel Scheduled Firewall Upgrade​

Cancel scheduled upgrade for a firewall

DELETE /firewall/v1/firewalls/actions/firmware-upgrade


Global Tamper Protection

Check Global Tamper Protection Setting​

Check whether Tamper Protection is turned on globally

GET /endpoint/v1/settings/tamper-protection

Intrusion Prevention

List Intrusion Prevention Exclusions​

Get all Intrusion Prevention exclusions

GET /endpoint/v1/settings/exclusions/intrusion-prevention

Add Intrusion Prevention Exclusion​

Add a new Intrusion Prevention exclusion

POST /endpoint/v1/settings/exclusions/intrusion-prevention

Parameters (* = required):

| Parameter | Type | Description |
| --- | --- | --- |
| Direction | String | Direction property of the intrusion prevention exclusion |
| Remote Addresses | String | Array of remote addresses for the intrusion prevention exclusion |
| Comment* | String | Comment indicating why the item should be allowed |

Get Intrusion Prevention Exclusion​

Get an Intrusion Prevention exclusion by ID

GET /endpoint/v1/settings/exclusions/intrusion-prevention/{exclusionId}

Remove Intrusion Prevention Exclusion​

Delete an Intrusion Prevention exclusion by ID

DELETE /endpoint/v1/settings/exclusions/intrusion-prevention/{exclusionId}

Update Intrusion Prevention Exclusion​

Update an Intrusion Prevention exclusion by ID

PATCH /endpoint/v1/settings/exclusions/intrusion-prevention/{exclusionId}

Isolation Exclusions

List Isolation Exclusions​

Get all isolation exclusions

GET /endpoint/v1/settings/exclusions/isolation

Create Isolation Exclusion​

Adds a new Isolation exclusion

POST /endpoint/v1/settings/exclusions/isolation

Parameters (* = required):

| Parameter | Type | Description |
| --- | --- | --- |
| Direction | String | Direction property of the intrusion prevention exclusion |
| Remote Addresses | String | Array of remote addresses for the intrusion prevention exclusion |
| Comment* | String | Comment indicating why the item should be allowed |

Get Isolation Exclusion​

Get a single Isolation exclusion by ID

GET /endpoint/v1/settings/exclusions/isolation/{exclusionId}

Delete Isolation Exclusion​

Deletes an Isolation exclusion

DELETE /endpoint/v1/settings/exclusions/isolation/{exclusionId}

Update Isolation Exclusion​

Updates an Isolation exclusion by ID

PATCH /endpoint/v1/settings/exclusions/isolation/{exclusionId}

Migrations

List Migrations​

Gets all migration jobs for the tenant

GET /endpoint/v1/migrations

Start Receiving Migration Job​

Start a migration job in the receiving tenant

POST /endpoint/v1/migrations

Get Migration Job​

Get a single migration job

GET /endpoint/v1/migrations/{migrationJobId}

Start Starting Migration Job​

Start a migration job in the sending tenant

PUT /endpoint/v1/migrations/{migrationJobId}

List Migration Endpoint Statuses​

Gets the status of endpoints that are being migrated

GET /endpoint/v1/migrations/{migrationJobId}/endpoints

Packages

Get all Sophos Recommended packages for the tenant

GET /endpoint/v1/software/packages/recommended

List Static Packages​

Get all static packages available for the tenant

GET /endpoint/v1/software/packages/static

Get Static Package​

Get an individual static package

GET /endpoint/v1/software/packages/static/{staticPackageId}

Add Package​

Add a package by token, supplied by Sophos support. This is a one-way operation

POST /endpoint/v1/software/packages/static/{staticPackageId}/add

List Static Package Comments​

Get all software comments

GET /endpoint/v1/software/comments

Get Static Package Comment​

Get the static package comment

GET /endpoint/v1/software/comments/{staticPackageId}

Update Static Package Comment​

Add/Update the static package comment

PUT /endpoint/v1/software/comments/{staticPackageId}

Delete Static Package Comment​

Delete the static package comment

DELETE /endpoint/v1/software/comments/{staticPackageId}

Partner Admins

List Partner Admins​

List all partner admins

GET /partner/v1/admins

Create Partner Admin​

Create a new partner administrator

POST /partner/v1/admins

Get Partner Admin​

Get partner administrator details by ID

GET /partner/v1/admins/{adminId}

List All Partner Roles​

Get the list of role assignments for a given admin

GET /partner/v1/admins/{adminId}/role-assignments

Assign A Partner Admin Role​

Assign a role to a partner administrator

POST /partner/v1/admins/{adminId}/role-assignments

Get Partner Admin Role Assignment​

Get partner administrator role assignment by ID

GET /partner/v1/admins/{adminId}/role-assignments/{assignmentId}

Remove A Partner Admin Role Assignment​

Remove role assignment from a partner admin

DELETE /partner/v1/admins/{adminId}/role-assignments/{assignmentId}


Partner Billing

List Partner Usage Report​

Gets a partner usage report for a particular month and year

GET /partner/v1/billing/usage/{year}/{month}

Partner Role Management

List Partner Roles​

List all partner roles

GET /partner/v1/roles

Create Partner Role​

Create a new partner role

POST /partner/v1/roles

Get Partner Role​

Get a partner role by ID

GET /partner/v1/roles/{roleId}

Delete Partner Role​

Delete a partner role by ID

DELETE /partner/v1/roles/{roleId}

Update Partner Role​

Update an existing partner role

PATCH /partner/v1/roles/{roleId}

Get Partner Role Permission Sets​

Get permission set details for a Partner Role

GET /partner/v1/roles/permission-sets

Peripheral Control

List Peripherals​

Get all the peripherals

GET /endpoint/v1/settings/peripheral-control/peripherals

Get Peripheral​

Get a peripheral by ID

GET /endpoint/v1/settings/peripheral-control/peripherals/{peripheralId}

Policy Management

List Policies​

List the policies of a tenant

GET /endpoint/v1/policies

Create Policy​

Create a new policy

POST /endpoint/v1/policies

Get Policy Setting Metadata​

Get a list of metadata for the policy settings

GET /endpoint/v1/policies/settings

Get Policy​

Gets a policy's details

GET /endpoint/v1/policies/{policyId}

Update Policy​

Update policy. Note you can only change the settings for a base policy

PATCH /endpoint/v1/policies/{policyId}

Delete Policy​

Deletes a policy

DELETE /endpoint/v1/policies/{policyId}

List Policy Settings​

Gets a list of policy settings

GET /endpoint/v1/policies/{policyId}/settings

Update Policy Settings​

Updates policy settings

PATCH /endpoint/v1/policies/{policyId}/settings

Reset All Settings For A Policy​

Reset policy settings

POST /endpoint/v1/policies/{policyId}/settings/reset

Get Policy Setting Value​

Get the value of a setting key in a policy

GET /endpoint/v1/policies/{policyId}/settings/{settingKey}

Reset Single Policy Setting​

Reset a setting to its default value

POST /endpoint/v1/policies/{policyId}/settings/{settingKey}/reset

Clone Policy​

Clone a policy

POST /endpoint/v1/policies/{policyId}/clone

Get Base Policy​

Get base policy for a policy type

GET /endpoint/v1/policies/{policyType}/base

Update Base Policy​

Update base policy. Note that only settings can be changed

PATCH /endpoint/v1/policies/{policyType}/base

Get Base Policy Settings​

Get settings of the base policy for a policy type

GET /endpoint/v1/policies/{policyType}/base/settings

Update Base Policy Settings​

Update settings in the base policy for a policy type

PATCH /endpoint/v1/policies/{policyType}/base/settings

Reset Base Policy Settings​

Reset the settings in a base policy

POST /endpoint/v1/policies/{policyType}/base/settings/reset

Get Base Policy Setting​

Get the value of a setting in the base policy for a policy type

GET /endpoint/v1/policies/{policyType}/base/settings/{settingKey}

Update Base Policy Setting​

Update a setting in the base policy

PATCH /endpoint/v1/policies/{policyType}/base/settings/{settingKey}

Reset Setting In Base Policy​

Reset a setting in the base policy to its default value

POST /endpoint/v1/policies/{policyType}/base/settings/{settingKey}/reset

Clone Base Policy​

Clone a new policy from the base policy for a policy type

POST