Sophos Integration Setup
Integrating Rewst with Sophos brings robust cybersecurity capabilities to your Rewst workflows, enhancing data protection and threat management. With the integration, Rewst users can leverage Sophos' advanced security solutions to strengthen their defense against cyber threats. This includes features such as malware detection, ransomware protection, network security, and endpoint protection. By integrating Sophos into Rewst, users can enhance their security posture, mitigate risks, and safeguard sensitive data. The integration empowers users to proactively manage their cybersecurity within the Rewst platform, ensuring a secure environment for their operations and protecting against evolving threats.
Setup
To set up the Sophos Integration, you'll need to do the following:
Navigate to the Global Settings of Sophos and locate the API Credentials Management section.
Click on the "Add Credential" button to initiate the process of adding a new credential.
Provide a name and description for the credential to identify and distinguish it from others.
Choose the role that will be assigned to this credential. The available roles to choose from can be viewed here.
Navigate to the integrations page in Rewst.
Click on the Sophos integration.
Fill out the integration form.
Submit the form.
We'll run a quick test to ensure that the credentials are valid and that we can successfully connect to the Sophos API.
Actions
Alerts
List Alertsβ
List alerts matching specified criteria
GET /common/v1/alerts
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Group Key | String (?) | Alert group key. You can filter by group key |
From | String (?) | You can find alerts that were raised on or after this time |
To | String (?) | You can find alerts that were raised before this time |
Sort | Array | Defines how to sort the data |
Product | Array | Alerts for a product. You can query by product types |
Category | Array | Alert category. You can query by different categories |
Severity | Array | Alerts for a specific severity level. You can query by severity levels |
Alerts | String (?) | List of IDs |
Fields | String (?) | The fields to return in a partial response |
Get Alertβ
Get details of a specific alert
GET /common/v1/alerts/{alertId}
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Alert* | Sophos Alert | None Provided |
Take Action On Alertβ
Take an action on a specific alert
POST /common/v1/alerts/{alertId}/actions
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Alert* | Sophos Alert | None Provided |
Action* | String (?) | Actions that you can perform on these alerts |
Message | String (?) | Message to send for the action |
Allowed Items
List Exemptionsβ
Get all allowed items from settings
GET /endpoint/v1/settings/allowed-items
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Create Exemptionβ
Exempt an item from conviction
POST /endpoint/v1/settings/allowed-items
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Type* | String (?) | Property by which an item is allowed |
Comment* | String (?) | Comment indicating why the item should be allowed |
Origin Person* | String (?) | Person associated with the endpoint where the item to be allowed was last seen |
Origin Endpoint | String (?) | Endpoint where the item to be allowed was last seen |
Get Exemptionβ
Get an exemption by ID
GET /endpoint/v1/settings/allowed-items/{allowedItemId}
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Blocked Item* | Sophos Blocked Item | None Provided |
Update Exemptionβ
Update an exemption
PATCH /endpoint/v1/settings/allowed-items/{allowedItemId}
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Blocked Item* | Sophos Blocked Item | None Provided |
Comment* | String (?) | Comment indicating why the item should be allowed |
Delete Exemptionβ
Deletes the specified exemption
DELETE /endpoint/v1/settings/allowed-items/{allowedItemId}
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Blocked Item* | Sophos Blocked Item | None Provided |
Propertyβ
| Key | Type | Description |
|---|---|---|
File Name* | String (?) | File name |
Path* | String (?) | Path for the application |
Sha256* | String (?) | Sha256 value for the application |
Certificate Signer* | String (?) | Value saved for the certificateSigner |
Blocked Items
List Quarantined Itemsβ
Get all blocked items
GET /endpoint/v1/settings/blocked-items
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Add Item To Quarantineβ
Block an item from exoneration
POST /endpoint/v1/settings/blocked-items
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Type* | String (?) | Property by which an item is blocked |
Comment* | String (?) | Comment indicating why the item should be allowed |
Get Quarantined Itemβ
Get a blocked item by ID
GET /endpoint/v1/settings/blocked-items/{blockedItemId}
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Blocked Item* | Sophos Blocked Item | None Provided |
Delete From Quarantineβ
Deletes the specified blocked item
DELETE /endpoint/v1/settings/blocked-items/{blockedItemId}
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Blocked Item* | Sophos Blocked Item | None Provided |
Property - Blocked Itemsβ
| Key | Type | Description |
|---|---|---|
File Name* | String (?) | File name |
Path* | String (?) | Path for the application |
Sha256* | String (?) | Sha256 value for the application |
Certificate Signer* | String (?) | Value saved for the certificateSigner |
Directory Management
List Usersβ
List users in the directory
GET /common/v1/directory/users
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Sort | Array | Defines how to sort the data |
Fields | String (?) | The fields to return in a partial response |
IDs | String (?) | List of item IDs to match |
Search | String (?) | Search for items that match the given terms |
Search Fields | Array | Search only within the specified fields, username field is default if search query is specified |
Source Type | String | Source directory type |
User Group | Sophos User Group | None Provided |
Domain | String (?) | List the items that match the given domain |
Create Userβ
Add a new user to the directory
POST /common/v1/directory/users
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Fields | String (?) | The fields to return in a partial response |
Name | String (?) | User's full name |
First Name | String (?) | None Provided |
Last Name | String (?) | None Provided |
String (?) | User's email address | |
Exchange Login | String (?) | User's Exchange login |
User Group | Array | Groups that the user should be added to |
Get Userβ
Get a user by ID
GET /common/v1/directory/users/{userId}
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
User* | Sophos User | None Provided |
Fields | String (?) | The fields to return in a partial response |
Delete Userβ
Delete a user by ID
DELETE /common/v1/directory/users/{userId}
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
User* | Sophos User | None Provided |
Update Userβ
Update an existing user
PATCH /common/v1/directory/users/{userId}
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
User* | Sophos User | None Provided |
Fields | String (?) | The fields to return in a partial response |
Name | String (?) | User's full name |
First Name | String (?) | None Provided |
Last Name | String (?) | None Provided |
String (?) | User's email address | |
Exchange Login | String (?) | User's Exchange login |
List User Groupsβ
List user groups in the directory
GET /common/v1/directory/user-groups
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Sort | Array | Defines how to sort the data |
Fields | String (?) | The fields to return in a partial response |
IDs | String (?) | List of item IDs to match |
Search | String (?) | Search for items that match the given terms |
Search Fields | Array | Search only within the specified fields, username field is default if search query is specified |
Source Type | String | Source directory type |
User | Sophos User | None Provided |
Domain | String (?) | List the items that match the given domain |
Create User Groupβ
Add a new group to the directory
POST /common/v1/directory/user-groups
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Fields | String (?) | The fields to return in a partial response |
Name | String (?) | Group name |
Description | String (?) | Group description |
Users | Array | Users in the group |
Get User Groupβ
Get a user group by ID
GET /common/v1/directory/user-groups/{groupId}
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
User Group* | Sophos User Group | None Provided |
Fields | String (?) | The fields to return in a partial response |
Delete User Groupβ
Deletes the specified user group. The group must be empty.
DELETE /common/v1/directory/user-groups/{groupId}
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
User Group* | Sophos User Group | None Provided |
Update User Groupβ
Update a user group
PATCH /common/v1/directory/user-groups/{groupId}
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
User Group* | Sophos User Group | None Provided |
Fields | String (?) | The fields to return in a partial response |
Name | String (?) | New group name |
Description | String (?) | Group description |
Get User Group Membershipβ
List groups that a user belongs to
GET /common/v1/directory/users/{userId}/groups
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
User* | Sophos User | None Provided |
Sort | Array | Defines how to sort the data |
Fields | String (?) | The fields to return in a partial response |
Search | String (?) | Search for items that match the given terms |
Search Fields | Array | Search only within the specified fields, username field is default if search query is specified |
Source Type | String | Source directory type |
Domain | String (?) | List the items that match the given domain |
Add User To Group(S)β
Add a user to multiple groups
POST /common/v1/directory/users/{userId}/groups
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
User* | Sophos User | None Provided |
IDs | String (?) | List of group IDs |
Remove User From Group(S)β
Remove a user from multiple groups
DELETE /common/v1/directory/users/{userId}/groups
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
User* | Sophos User | None Provided |
User Groups | String (?) | List of group IDs |
List Users In Groupβ
List users in the specified group
GET /common/v1/directory/user-groups/{groupId}/users
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
User Group* | Sophos User Group | None Provided |
Sort | Array | Defines how to sort the data |
Fields | String (?) | The fields to return in a partial response |
Search | String (?) | Search for items that match the given terms |
Search Fields | Array | Search only within the specified fields, username field is default if search query is specified |
Source Type | String | Source directory type |
Domain | String (?) | List the items that match the given domain |
Add User(S) To Groupβ
Add multiple users to the specified group
POST /common/v1/directory/user-groups/{groupId}/users
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
User Group* | Sophos User Group | None Provided |
Users | String (?) | List of user IDs |
Remove User(S) From Groupβ
Remove multiple users from a group
DELETE /common/v1/directory/user-groups/{groupId}/users
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
User Group* | Sophos User Group | None Provided |
Users | String (?) | List of user IDs |
Downloads
List Endpoint Installer Linksβ
Get all the endpoint installer links for a tenant
GET /endpoint/v1/downloads
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Requested Products | Array | Products to include in the installers. All values are given if you don't use filters |
Platforms | Array | Specify which platforms to include. All values are given if you don't use filters |
Endpoint Groups Management
List Endpoint Groupsβ
Endpoint groups in the directory
GET /endpoint/v1/endpoint-groups
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Group Type | String | Endpoint group type |
Sort | Array | Defines how to sort the data |
Fields | String (?) | The fields to return in a partial response |
Endpoint Groups | String (?) | IDs to match |
Search | String (?) | Search for items that match the given terms |
Search Fields | Array | Search only within the specified fields, username field is default if search query is specified |
Endpoints | Array | Endpoints UUIDs |
Create Endpoint Groupβ
Add a new endpoint group to the directory
POST /endpoint/v1/endpoint-groups
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Fields | String (?) | The fields to return in a partial response |
Name* | String (?) | Group name |
Description | String (?) | Group description |
Type* | String (?) | Endpoint group types |
Endpoints | Array | Endpoints UUIDs |
List Endpoint Groups By Typeβ
Endpoint groups of your specified type in the directory
GET /endpoint/v1/endpoint-groups/types/{groupType}
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Group Type* | String | Endpoint group type |
Sort | Array | Defines how to sort the data |
Fields | String (?) | The fields to return in a partial response |
IDs | String (?) | IDs to match |
Search | String (?) | Search for items that match the given terms |
Search Fields | Array | Search only within the specified fields, username field is default if search query is specified |
Endpoints | Array | Endpoints UUIDs |
Get Endpoint Groupβ
Get endpoint group by ID
GET /endpoint/v1/endpoint-groups/{groupId}
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Endpoint Groups* | Sophos Endpoint Group | None Provided |
Fields | String (?) | The fields to return in a partial response |
Delete Endpoint Groupβ
Delete endpoint group
DELETE /endpoint/v1/endpoint-groups/{groupId}
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Endpoint Groups* | Sophos Endpoint Group | None Provided |
Update Endpoint Groupβ
Update endpoint group
PATCH /endpoint/v1/endpoint-groups/{groupId}
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Endpoint Groups* | Sophos Endpoint Group | None Provided |
Fields | String (?) | The fields to return in a partial response |
Name | String (?) | New group name |
Description | String (?) | Group description |
List Endpoints In Groupβ
Endpoints in your specified group
GET /endpoint/v1/endpoint-groups/{groupId}/endpoints
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Endpoint Groups* | Sophos Endpoint Group | None Provided |
Sort | Array | Defines how to sort the data |
Fields | String (?) | The fields to return in a partial response |
Search | String (?) | Search for items that match the given terms |
Search Fields | Array | Search only within the specified fields, username field is default if search query is specified |
Add Endpoint(S) To Groupβ
Add endpoints to your group
POST /endpoint-groups/{groupId}/endpoints
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Endpoint Groups* | Sophos Endpoint Group | None Provided |
Endpoints | String (?) | List of endpoint IDs |
Remove From Groupβ
Remove endpoints from a group
DELETE /endpoint-groups/{groupId}/endpoints
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Endpoint Groups* | Sophos Endpoint Group | None Provided |
IDs | String (?) | Endpoint IDs |
Remove Single Endpoint From Groupβ
Remove endpoint from a group
DELETE /endpoint-groups/{groupId}/endpoints/{endpointId}
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Endpoint Groups* | Sophos Endpoint Group | None Provided |
Endpoint* | Sophos Endpoint | None Provided |
Endpoint Isolation
Configure Endpoint(s) Isolation Settingsβ
Turn on or off endpoint isolation for multiple endpoints
POST /endpoint/v1/endpoints/isolation
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Enabled | String (?) | Whether Tamper Protection should be turned on for the endpoint |
Comment* | String (?) | Comment indicating why the item should be allowed |
IDs | String (?) | List of endpoints IDs |
Get Endpoint's Isolation Settingsβ
Get isolation settings for an endpoint
GET /endpoint/v1/endpoints/{endpointId}/isolation
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Endpoint* | Sophos Endpoint | None Provided |
Update Endpoint's Isolation Settingsβ
Update isolation settings for an endpoint
PATCH /endpoint/v1/endpoints/{endpointId}/isolation
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Endpoint* | Sophos Endpoint | None Provided |
Enabled | String (?) | Whether Tamper Protection should be turned on for the endpoint |
Comment* | String (?) | Comment indicating why the item should be allowed |
Endpoints
List Endpointsβ
Get all the endpoints for the specified tenant
GET /endpoint/v1/endpoints
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Sort | Array | Defines how to sort the data |
Health Status | Array | Find endpoints by health status |
Type | String (?) | Find endpoints by type |
Tamper Protection Enabled | String (?) | Find endpoints by whether Tamper Protection is turned on |
Lockdown Status | Array | Find endpoints by lockdown status |
Last Seen Before | String (?) | Find endpoints that were last seen before the given date and time (UTC) or a duration relative to the current date and time (exclusive). |
Last Seen After | String (?) | Find endpoints that were last seen after the given date and time (UTC) or a duration relative to the current date and time (inclusive). |
IDs | String (?) | Find endpoints with the specified IDs |
Isolation Status | String | Find endpoints by isolation status |
Hostname Contains | String (?) | Find endpoints where the hostname contains the given string Only the first 10 characters of the given string are matched. |
Associated Person Contains | String (?) | Find endpoints where the name of the person associated with the endpoint contains the given string Only the first 10 characters of the given string are matched. |
Group Name Contains | String (?) | Find endpoints where the name of the group the endpoint is in contains the given string Only the first 10 characters of the given string are matched. |
Search | String (?) | Search for items that match the given terms |
Search Fields | Array | Search only within the specified fields, username field is default if search query is specified |
IP Addresses | Array | Find endpoints by IP addresses |
Cloud | Array | Find endpoints that are cloud instances. You must use URL encoding |
Fields | String (?) | The fields to return in a partial response |
View | String | Type of view to be returned in response |
Assigned To Group | String (?) | Whether endpoint is assigned to a group |
Endpoint Groups | Array | Groups that the endpoint should be added to |
MAC Addresses | Array | Find endpoints by MAC Addresses Can be in EUI-48 or EUI-64 format, case insensitive, colon, hyphen or dot separated, or with no separator e.g. 01:23:45:67:89:AB, 01-23-45-67-89-ab, 0123.4567.89ab, 0123456789ab, 01:23:45:67:89πcd:ef. |
Get Endpointβ
Get an endpoint based on ID
GET /endpoint/v1/endpoints/{endpointId}
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Endpoint* | Sophos Endpoint | None Provided |
Fields | String (?) | The fields to return in a partial response |
View | String | Type of view to be returned in response |
Delete Endpointβ
Deletes a specified endpoint
DELETE /endpoint/v1/endpoints/{endpointId}
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Endpoint* | Sophos Endpoint | None Provided |
Event Journal
List Event Journal Settingsβ
Get all event journal settings
GET /endpoint/v1/settings/event-journal/{endpointType}
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Endpoint Type* | String | Endpoint type |
Update Event Journal Settingsβ
Update settings for event journal size and disk space limits If you specify both a maximum disk space and a maximum journal size, the lower of these limits is used
PATCH /endpoint/v1/settings/event-journal/{endpointType}
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Endpoint Type* | String | Endpoint type |
Use Recommended | String (?) | Shows if the recommended setting is required |
Disk Space Limit In Mb | String (?) | Maximum size of the event journal (MB) |
Disk Space Limit As Percentage | String | Disk space limit for the event journal (percentage). The value 0 will mean Disk space limit is not specified. |
Events
Get Eventsβ
Get events with timestamps within the last 24 hours
GET /siem/v1/events
| Key | Type | Description |
|---|---|---|
X-Tenant-ID | Sophos Tenant | None Provided |
limit | String (?) | The maximum number of items to return, default is 200, max is 1000 |
cursor | String (?) | Identifier for next item in the list, this value is available in response as next_cursor Response will default to last 24 hours if cursor is not within last 24 hours. |
from_date | String (?) | The starting date from which alerts will be retrieved defined as Unix timestamp in UTCIgnored if cursor is set. Must be within last 24 hours. |
exclude_types | String (?) | The String of list of types of events to be excluded |
Exploit Mitigation
List Detected Exploitsβ
Get detected exploits and the number of each detected exploit
GET /endpoint/v1/settings/exploit-mitigation/detected-exploits
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Thumbprint Not In | Array | Filter out detected exploits with these thumbprints |
Get Detected Exploitβ
Get a detected exploit by ID
GET /endpoint/v1/settings/exploit-mitigation/detected-exploits/{detectedExploitId}
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Detected Exploit* | Sophos Detected Exploit | None Provided |
List Exploit Mitigation Categoriesβ
Lists all the Exploit Mitigation categories
GET /endpoint/v1/settings/exploit-mitigation/categories
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
List Exploit Mitigation Applicationsβ
Get Exploit Mitigation settings for all protected applications
GET /endpoint/v1/settings/exploit-mitigation/applications
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Type | String (?) | Exploit Mitigation Application type |
Modified | String (?) | Whether or not Exploit Mitigation Application has been customized |
Add Application To Exploit Mitigation Exclusionsβ
Exclude a set of file paths from Exploit Mitigation
POST /endpoint/v1/settings/exploit-mitigation/applications
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Paths | Array | Array of absolute paths to an application file to exclude. You may use HitmanProAlert expansion variables (For example, $desktop, $programfiles). Currently, this array may contain only one application path. |
Get Application's Exploit Mitigation Settingsβ
Get Exploit Mitigation settings for an application
GET /endpoint/v1/settings/exploit-mitigation/applications/{exploitMitigationApplicationId}
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Exploit Mitigation Application* | Sophos Exploit Mitigation Application | Exploit Mitigation application ID |
Update Application Exploit Mitigation Settingsβ
Update Exploit Mitigation settings for an application
PATCH /endpoint/v1/settings/exploit-mitigation/applications/{exploitMitigationApplicationId}
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Exploit Mitigation Application* | Sophos Exploit Mitigation Application | Exploit Mitigation application ID |
Paths | Array | Array of absolute paths to an application file to exclude. You may use HitmanProAlert expansion variables (For example, $desktop, $programfiles). Currently, this array may contain only one application path. |
Remove Exploit Mitigation Applicationβ
Deletes a custom (user-defined) Exploit Mitigation application by ID. Note you can only delete custom applications A request to delete a system-detected application fails with a 409 Conflict message
DELETE /endpoint/v1/settings/exploit-mitigation/applications/{exploitMitigationApplicationId}
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Exploit Mitigation Application* | Sophos Exploit Mitigation Application | Exploit Mitigation application ID |
Modificationβ
| Key | Type | Description |
|---|---|---|
protected | String (?) | None Provided |
settings | String (?) | None Provided |
Firewall Groups
List Firewall Groupsβ
Retrieve firewall groups for a tenant
GET /firewall/v1/firewall-groups
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Recurse Subgroups | String (?) | Whether to include nested child groups or not |
Search | String (?) | Search for items that match the given terms |
Search Fields | Array | Search only within the specified fields, username field is default if search query is specified |
Create Firewall Groupβ
Create firewall group
POST /firewall/v1/firewall-groups
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Name | String (?) | Group name |
Config Import Source Firewall | String (?) | ID for the firewall you're importing configuration settings from |
Assign Firewalls | Array | IDs for the firewalls you're adding to the group |
Firewall Group | Sophos Firewall Group | None Provided |
Update Firewall Groupβ
Change firewall group name. You can also assign firewalls to the group. Or remove firewalls from a group
PATCH /firewall/v1/firewall-groups/{groupId}
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Firewall Group* | Sophos Firewall Group | None Provided |
Name | String (?) | New group name |
Assign Firewalls | Array | IDs for the firewalls you're adding to the group |
Unassign Firewalls | Array | IDs for the firewalls you're removing from group |
Delete Firewall Groupβ
Delete the firewall group using its ID
DELETE /firewall/v1/firewall-groups/{groupId}
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Firewall Group* | Sophos Firewall Group | None Provided |
List Firewall Group Sync Statusβ
Synchronization status for the firewalls in a group
GET /firewall/v1/firewall-groups/{groupId}/firewalls/sync-status
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Firewall Group* | Sophos Firewall Group | None Provided |
IDs | String (?) | None Provided |
Firewalls
List Firewallsβ
List of firewalls
GET /firewall/v1/firewalls
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Firewall Group | Sophos Firewall Group | None Provided |
Search | String (?) | Search for items that match the given terms |
Update Firewallβ
Update firewalls with supplied values
PATCH /firewall/v1/firewalls/{firewallId}
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Firewall* | Sophos Firewall | None Provided |
Name | String (?) | Firewall name |
Delete Firewallβ
Delete firewall using its ID
DELETE /firewall/v1/firewalls/{firewallId}
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Firewall* | Sophos Firewall | None Provided |
Run Firewall Actionβ
Action you want to do to a firewall
POST /firewall/v1/firewalls/{firewallId}/action
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Firewall* | Sophos Firewall | None Provided |
Action | String (?) | Actions that you can perform on these alerts |
Check Firmwareβ
Check firmware for firewalls
POST /firewall/v1/firewalls/actions/firmware-upgrade-check
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Firewalls | Array | None Provided |
Upgrade Firewallβ
Upgrade firewalls
POST /firewall/v1/firewalls/actions/firmware-upgrade
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Firewalls* | Array | None Provided |
Cancel Scheduled Firewall Upgradeβ
Cancel scheduled upgrade for a firewall
DELETE /firewall/v1/firewalls/actions/firmware-upgrade
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Firewalls* | String (?) | None Provided |
Geolocationβ
| Key | Type | Description |
|---|---|---|
latitude | String (?) | None Provided |
longitude | String (?) | None Provided |
Global Tamper Protection
Check Global Tamper Protection Settingβ
Check whether Tamper Protection is turned on globally
GET /endpoint/v1/settings/tamper-protection
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Intrusion Prevention
List Intrusion Prevention Exclusionsβ
Get all Intrusion Prevention exclusions
GET /endpoint/v1/settings/exclusions/intrusion-prevention
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Add Intrusion Prevention Exclusionβ
Add a new Intrusion Prevention exclusion
POST /endpoint/v1/settings/exclusions/intrusion-prevention
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Local Ports | Array | Local protected ports |
Remote Ports | Array | Remote protected ports |
True True| required | | None Provided | | Direction | String (?) | Direction property of the intrusion prevention exclusion | | Remote Addresses | String (?) | Array of remote addresses for the intrusion prevention exclusion | | Comment* | String (?) | Comment indicating why the item should be allowed |
Get Intrusion Prevention Exclusionβ
Get an Intrusion Prevention exclusion by ID
GET /endpoint/v1/settings/exclusions/intrusion-prevention/{exclusionId}
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Intrusions Exclusion* | Sophos Intrusions Exclusion | Exclusion ID |
Remove Intrusion Prevention Exclusionβ
Delete an Intrusion Prevention exclusion by ID
DELETE /endpoint/v1/settings/exclusions/intrusion-prevention/{exclusionId}
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Intrusions Exclusion* | Sophos Intrusions Exclusion | Exclusion ID |
Update Intrusion Prevention Exclusionβ
Update an Intrusion Prevention exclusion by ID
PATCH /endpoint/v1/settings/exclusions/intrusion-prevention/{exclusionId}
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Intrusions Exclusion* | Sophos Intrusions Exclusion | Exclusion ID |
Local Ports | Array | Local protected ports |
Remote Ports | Array | Remote protected ports |
Direction | String (?) | Direction property of the intrusion prevention exclusion |
Remote Addresses | String (?) | Array of remote addresses for the intrusion prevention exclusion |
Comment* | String (?) | Comment indicating why the item should be allowed |
Isolation Exclusions
List Isolation Exclusionsβ
Get all isolation exclusions
GET /endpoint/v1/settings/exclusions/isolation
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Create Isolation Exclusionβ
Adds a new Isolation exclusion
POST /endpoint/v1/settings/exclusions/isolation
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Local Ports | Array | Local protected ports |
Remote Ports | Array | Remote protected ports |
True True| required | | None Provided | | Direction | String (?) | Direction property of the intrusion prevention exclusion | | Remote Addresses | String (?) | Array of remote addresses for the intrusion prevention exclusion | | Comment* | String (?) | Comment indicating why the item should be allowed |
Get Isolation Exclusionβ
Get a single Isolation exclusion by ID
GET /endpoint/v1/settings/exclusions/isolation/{exclusionId}
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Isolation Exclusion* | Sophos Isolation Exclusion | Exclusion ID |
Delete Isolation Exclusionβ
Deletes an Isolation exclusion
DELETE /endpoint/v1/settings/exclusions/isolation/{exclusionId}
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Isolation Exclusion* | Sophos Isolation Exclusion | Exclusion ID |
Update Isolation Exclusionβ
Updates an Isolation exclusion by ID
PATCH /endpoint/v1/settings/exclusions/isolation/{exclusionId}
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Isolation Exclusion* | Sophos Isolation Exclusion | Exclusion ID |
Local Ports | Array | Local protected ports |
Remote Ports | Array | Remote protected ports |
Direction | String (?) | Direction property of the intrusion prevention exclusion |
Remote Addresses | String (?) | Array of remote addresses for the intrusion prevention exclusion |
Comment* | String (?) | Comment indicating why the item should be allowed |
Migrations
List Migrationsβ
Gets all migration jobs for the tenant
GET /endpoint/v1/migrations
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Mode | String | Filter migration jobs by sending or receiving mode |
Start Receiving Migration Jobβ
Start a migration job in the receiving tenant
POST /endpoint/v1/migrations
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
From Tenant | String (?) | Sending tenant |
Endpoints | Array | Endpoints UUIDs |
Get Migration Jobβ
Get a single migration job
GET /endpoint/v1/migrations/{migrationJobId}
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Migration Job* | Sophos Migration Job | Migration job ID |
Start Starting Migration Jobβ
Start a migration job in the sending tenant
PUT /endpoint/v1/migrations/{migrationJobId}
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Migration Job* | Sophos Migration Job | Migration job ID |
Token | String (?) | Job token |
Endpoints | Array | Endpoints UUIDs |
List Migration Endpoint Statusesβ
Gets the status of endpoints that are being migrated
GET /endpoint/v1/migrations/{migrationJobId}/endpoints
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Migration Job* | Sophos Migration Job | Migration job ID |
Packages
List Recommended Packagesβ
Get all Sophos Recommended packages for the tenant
GET /endpoint/v1/software/packages/recommended
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
List Static Packagesβ
Get all static packages available for the tenant
GET /endpoint/v1/software/packages/static
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Sort | Array | Defines how to sort the data |
Endpoint Type* | String | Endpoint type |
Platform | String | Filter to the platform of the static package |
Type | String (?) | Show the type of static package |
Expires From | String (?) | Show static packages that expire on or after this date (inclusive) |
Expires To | String (?) | Show static packages that expire before this date (exclusive) |
Released From | String (?) | Show static packages that were released on or after this date (inclusive) |
Released To | String (?) | Show static packages that were released before this date (exclusive) |
Get Static Packageβ
Get an individual static package
GET /endpoint/v1/software/packages/static/{staticPackageId}
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Static Packages* | Sophos Static Package | None Provided |
Add Packageβ
Add a package by token, supplied by Sophos support. This is a one-way operation
POST /endpoint/v1/software/packages/static/{staticPackageId}/add
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Static Packages* | Sophos Static Package | None Provided |
List Static Package Commentsβ
Get all software comments
GET /endpoint/v1/software/comments
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Get Static Package Commentβ
Get the static package comment
GET /endpoint/v1/software/comments/{staticPackageId}
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Static Packages* | Sophos Static Package | None Provided |
Update Static Package Commentβ
Add/Update the static package comment
PUT /endpoint/v1/software/comments/{staticPackageId}
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Static Packages* | Sophos Static Package | None Provided |
Comment* | String (?) | Comment indicating why the item should be allowed |
Delete Static Package Commentβ
Delete the static package comment
DELETE /endpoint/v1/software/comments/{staticPackageId}
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Static Packages* | Sophos Static Package | None Provided |
Partner Admins
List Partner Adminsβ
List all partner admins
GET /partner/v1/admins
| Key | Type | Description |
|---|---|---|
X-Partner-ID* | String (?) | Partner ID |
Sort | Array | Defines how to sort the data |
Fields | String (?) | The fields to return in a partial response |
Search | String (?) | Search for items that match the given terms |
String (?) | None Provided | |
Partner Role | Sophos Partner Role | Role ID |
With Access To Tenant | String (?) | Search for admins that have access to the given tenant |
Create Partner Adminβ
Create a new partner administrator
POST /partner/v1/admins
| Key | Type | Description |
|---|---|---|
X-Partner-ID* | String (?) | Partner ID |
Username | String (?) | Administrator username (email) |
Get Partner Adminβ
Get partner administrator details by ID
GET /partner/v1/admins/{adminId}
| Key | Type | Description |
|---|---|---|
X-Partner-ID* | String (?) | Partner ID |
Partner Admin* | Sophos Partner Admin | Admin ID |
List All Partner Rolesβ
Get the list of role assignments for a given admin
GET /partner/v1/admins/{adminId}/role-assignments
| Key | Type | Description |
|---|---|---|
X-Partner-ID* | String (?) | Partner ID |
Partner Admin* | Sophos Partner Admin | Admin ID |
Assign A Partner Admin Roleβ
Assign a role to a partner administrator
POST /partner/v1/admins/{adminId}/role-assignments
| Key | Type | Description |
|---|---|---|
X-Partner-ID* | String (?) | Partner ID |
Partner Admin* | Sophos Partner Admin | Admin ID |
Partner Role* | Sophos Partner Role | Role ID |
Get Partner Admin Role Assignmentβ
Get partner administrator role assignment by ID
GET /partner/v1/admins/{adminId}/role-assignments/{assignmentId}
| Key | Type | Description |
|---|---|---|
X-Partner-ID* | String (?) | Partner ID |
Partner Admin* | Sophos Partner Admin | Admin ID |
Partner Role Assignment* | Sophos Partner Role Assignment | Role Assignment ID |
Remove A Partner Admin Role Assignmentβ
Remove role assignment from a partner admin
DELETE /partner/v1/admins/{adminId}/role-assignments/{assignmentId}
| Key | Type | Description |
|---|---|---|
X-Partner-ID* | String (?) | Partner ID |
Partner Admin* | Sophos Partner Admin | Admin ID |
Partner Role Assignment* | Sophos Partner Role Assignment | Role Assignment ID |
Profileβ
| Key | Type | Description |
|---|---|---|
Name | String (?) | Full name |
firstName | String (?) | None Provided |
lastName | String (?) | None Provided |
phone | String (?) | None Provided |
mobile | String (?) | None Provided |
fax | String (?) | None Provided |
Partnerroleassignmentβ
| Key | Type | Description |
|---|---|---|
roleId | String (?) | Role UUID |
Scopeβ
| Key | Type | Description |
|---|---|---|
Type* | String | Role assignment scope type |
Tenant | String (?) | Tenant ID. Optional when |
Partner Billing
List Partner Usage Reportβ
Gets a partner usage report for a particular month and year
GET /partner/v1/billing/usage/{year}/{month}
| Key | Type | Description |
|---|---|---|
X-Partner-ID | String (?) | Partner ID |
Month* | String (?) | Month of the year |
Year* | String (?) | Year |
Fields | String (?) | The fields to return in a partial response |
Contact Email | String (?) | Tenant email for contact |
Tenant* | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Partner Role Management
List Partner Rolesβ
List all partner roles
GET /partner/v1/roles
| Key | Type | Description |
|---|---|---|
X-Partner-ID | String (?) | Partner ID |
Type | String (?) | Role type |
Principal Type | String | Principal type of role |
Fields | String (?) | The fields to return in a partial response |
Create Partner Roleβ
Create a new partner role
POST /partner/v1/roles
| Key | Type | Description |
|---|---|---|
X-Partner-ID | String (?) | Partner ID |
Fields | String (?) | The fields to return in a partial response |
Name | String (?) | Role name |
Description | String (?) | Group description |
Principal Type | String | Principal type of role |
Permission Sets | String (?) | List of permission sets |
Get Partner Roleβ
Get a partner role by ID
GET /partner/v1/roles/{roleId}
| Key | Type | Description |
|---|---|---|
X-Partner-ID | String (?) | Partner ID |
Partner Role* | Sophos Partner Role | Role ID |
Fields | String (?) | The fields to return in a partial response |
Delete Partner Roleβ
Delete a partner role by ID
DELETE /partner/v1/roles/{roleId}
| Key | Type | Description |
|---|---|---|
X-Partner-ID | String (?) | Partner ID |
Partner Role* | Sophos Partner Role | Role ID |
Update Partner Roleβ
Update an existing partner role
PATCH /partner/v1/roles/{roleId}
| Key | Type | Description |
|---|---|---|
X-Partner-ID | String (?) | Partner ID |
Partner Role* | Sophos Partner Role | Role ID |
Fields | String (?) | The fields to return in a partial response |
Name | String (?) | Role name |
Description | String (?) | Group description |
Permission Sets | String (?) | List of permission sets |
Get Partner Role Permission Setsβ
Get permission set details for a Partner Role
GET /partner/v1/roles/permission-sets
| Key | Type | Description |
|---|---|---|
X-Partner-ID | String (?) | Partner ID |
Fields | String (?) | The fields to return in a partial response |
Type | String (?) | Permission set type |
Product | Array | Alerts for a product. You can query by product types |
Access | String | Access level of permission set |
Allowed In Custom Role | String (?) | Filter permissions sets allowed in custom roles |
Principal Type | String | Principal type of role |
Peripheral Control
List Peripheralsβ
Get all the peripherals
GET /endpoint/v1/settings/peripheral-control/peripherals
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Last Seen After | String (?) | Find endpoints that were last seen after the given date and time (UTC) or a duration relative to the current date and time (inclusive). |
Type | String (?) | One or more peripheral types to include |
Get Peripheralβ
Get a peripheral by ID
GET /endpoint/v1/settings/peripheral-control/peripherals/{peripheralId}
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Peripheral* | Sophos Peripheral | None Provided |
Policy Management
List Policiesβ
List the policies of a tenant
GET /endpoint/v1/policies
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Policy Type | String | Policy type |
Fields | String (?) | The fields to return in a partial response |
Create Policyβ
Create a new policy
POST /endpoint/v1/policies
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Name* | String (?) | Policy name |
Type* | String (?) | Policy type |
Priority* | String (?) | Policy priority |
Enabled | String (?) | Whether Tamper Protection should be turned on for the endpoint |
Disable At* | String (?) | When the policy should be turned off |
Applies To* | String (?) | None Provided |
Settings | String (?) | Settings for this object |
Get Policy Setting Metadataβ
Get a list of metadata for the policy settings
GET /endpoint/v1/policies/settings
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Policy Type | String | Policy type |
Get Policyβ
Gets a policy's details
GET /endpoint/v1/policies/{policyId}
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Policy* | Sophos Policy | None Provided |
Update Policyβ
Update policy. Note you can only change the settings for a base policy
PATCH /endpoint/v1/policies/{policyId}
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Policy* | Sophos Policy | None Provided |
Name | String (?) | Policy name |
Priority* | String (?) | Policy priority |
Enabled | String (?) | Whether Tamper Protection should be turned on for the endpoint |
Disable At* | String (?) | When the policy should be turned off |
Applies To* | String (?) | None Provided |
Settings | String (?) | Settings for this object |
Delete Policyβ
Deletes a policy
DELETE /endpoint/v1/policies/{policyId}
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Policy* | Sophos Policy | None Provided |
List Policy Settingsβ
Gets a list of policy settings
GET /endpoint/v1/policies/{policyId}/settings
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Policy* | Sophos Policy | None Provided |
Update Policy Settingsβ
Updates policy settings
PATCH /endpoint/v1/policies/{policyId}/settings
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Policy* | Sophos Policy | None Provided |
ordereddict([('description', 'Keys have specific names documented here'), ('type', 'object'), ('x-anchor-description', 'JSON Schema object data type')])
Reset All Settings For A Policyβ
Reset policy settings
POST /endpoint/v1/policies/{policyId}/settings/reset
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Policy* | Sophos Policy | None Provided |
Get Policy Setting Valueβ
Get the value of a setting key in a policy
GET /endpoint/v1/policies/{policyId}/settings/{settingKey}
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Policy* | Sophos Policy | None Provided |
Setting Key* | String (?) | Setting key |
Reset Single Policy Settingβ
Reset a setting to its default value
POST /endpoint/v1/policies/{policyId}/settings/{settingKey}/reset
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Policy* | Sophos Policy | None Provided |
Setting Key* | String (?) | Setting key |
Clone Policyβ
Clone a policy
POST /endpoint/v1/policies/{policyId}/clone
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Policy* | Sophos Policy | None Provided |
Name | String (?) | Name of the newly cloned policy |
Get Base Policyβ
Get base policy for a policy type
GET /endpoint/v1/policies/{policyType}/base
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Policy Type* | String | Policy type |
Update Base Policyβ
Update base policy. Note that only settings can be changed
PATCH /endpoint/v1/policies/{policyType}/base
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Policy Type* | String | Policy type |
Settings | String (?) | Settings for this object |
Get Base Policy Settingsβ
Get settings of the base policy for a policy type
GET /endpoint/v1/policies/{policyType}/base/settings
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Policy Type* | String | Policy type |
Update Base Policy Settingsβ
Update settings in the base policy for a policy type
PATCH /endpoint/v1/policies/{policyType}/base/settings
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Policy Type* | String | Policy type |
ordereddict([('description', 'Keys have specific names documented here'), ('type', 'object'), ('x-anchor-description', 'JSON Schema object data type')])
Reset Base Policy Settingsβ
Reset the settings in a base policy
POST /endpoint/v1/policies/{policyType}/base/settings/reset
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Policy Type* | String | Policy type |
Get Base Policy Settingβ
Get the value of a setting in the base policy for a policy type
GET /endpoint/v1/policies/{policyType}/base/settings/{settingKey}
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Policy Type* | String | Policy type |
Setting Key* | String (?) | Setting key |
Update Base Policy Settingβ
Update a setting in the base policy
PATCH /endpoint/v1/policies/{policyType}/base/settings/{settingKey}
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Policy Type* | String | Policy type |
Setting Key* | String (?) | Setting key |
Reset Setting In Base Policyβ
Reset a setting in the base policy to its default value
POST /endpoint/v1/policies/{policyType}/base/settings/{settingKey}/reset
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Policy Type* | String | Policy type |
Setting Key* | String (?) | Setting key |
Clone Base Policyβ
Clone a new policy from the base policy for a policy type
POST /endpoint/v1/policies/{policyType}/base/clone
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Policy Type* | String | Policy type |
Name | String (?) | Name of the newly cloned policy |
Scanning Exclusions
List Scanning Exclusionsβ
List scanning exclusions
GET /endpoint/v1/settings/exclusions/scanning
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Type | String (?) | Scanning Exclusion type |
Add Scanning Exclusionβ
Add a new scanning exclusion
POST /endpoint/v1/settings/exclusions/scanning
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Value* | String (?) | Exclusion value |
Type* | String (?) | Scanning exclusion type |
Scan Mode* | String (?) | Default value of scan mode is \"onDemandAndOnAccess\" for exclusions of type path, posixPath and virtualPath, \"onAccess\" for process, web, pua, amsi. Behavioral and Detected Exploits (exploitMitigation) type exclusions do not support a scan mode. |
Comment* | String (?) | Comment indicating why the item should be allowed |
Get Scanning Exclusionβ
Get a scanning exclusion by ID
GET /endpoint/v1/settings/exclusions/scanning/{exclusionId}
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Scanning Exclusion* | Sophos Scanning Exclusion | Exclusion ID |
Update Scanning Exclusionβ
Update a scanning exclusion by ID
PATCH /endpoint/v1/settings/exclusions/scanning/{exclusionId}
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Scanning Exclusion* | Sophos Scanning Exclusion | Exclusion ID |
Value* | String (?) | Exclusion value |
Scan Mode* | String (?) | Default value of scan mode is \"onDemandAndOnAccess\" for exclusions of type path, posixPath and virtualPath, \"onAccess\" for process, web, pua, amsi. Behavioral and Detected Exploits (exploitMitigation) type exclusions do not support a scan mode. |
Comment* | String (?) | Comment indicating why the item should be allowed |
Delete Scanning Exclusionβ
Deletes a scanning exclusion
DELETE /endpoint/v1/settings/exclusions/scanning/{exclusionId}
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Scanning Exclusion* | Sophos Scanning Exclusion | Exclusion ID |
Scans
Scan Endpointβ
Sends a request to the specified endpoint to perform or configure a scan
POST /endpoint/v1/endpoints/{endpointId}/scans
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Endpoint* | Sophos Endpoint | None Provided |
ordereddict([('description', 'Request to configure or perform a scan on the endpoint'), ('type', 'object'), ('x-anchor-description', 'JSON Schema object data type')])
Tamper Protection
Get Endpoint's Tamper Protection Settingsβ
Get Tamper Protection settings for a specified endpoint
GET /endpoint/v1/endpoints/{endpointId}/tamper-protection
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Endpoint* | Sophos Endpoint | None Provided |
Update Endpoint Tamper Protection Settingsβ
Turns Tamper Protection on or off on an endpoint. Or generates a new Tamper Protection password Note that Tamper Protection can be turned on for an endpoint only if it has also been turned on globally.
POST /endpoint/v1/endpoints/{endpointId}/tamper-protection
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Endpoint* | Sophos Endpoint | None Provided |
Enabled | String (?) | Whether Tamper Protection should be turned on for the endpoint |
Regenerate Password | String (?) | Whether a new Tamper Protection password should be generated |
Tenant Access
List Tenant Adminsβ
List all tenant admins
GET /common/v1/admins
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Sort | Array | Defines how to sort the data |
Fields | String (?) | The fields to return in a partial response |
Search | String (?) | Search for items that match the given terms |
Search Fields | Array | Search only within the specified fields, username field is default if search query is specified |
Tenant Role | Sophos Tenant Role | Role ID |
Create Tenant Adminβ
Create a tenant admin from a directory user
POST /common/v1/admins
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Fields | String (?) | The fields to return in a partial response |
User | Sophos User | None Provided |
Get Tenant Adminβ
Get admin details by ID
GET /common/v1/admins/{adminId}
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Tenant Admin* | Sophos Tenant Admin | Admin ID |
Fields | String (?) | The fields to return in a partial response |
Delete Tenant Adminβ
Remove an admin by ID
DELETE /common/v1/admins/{adminId}
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Tenant Admin* | Sophos Tenant Admin | Admin ID |
List All Roles For Adminβ
Get the list of role assignments for a given admin
GET /common/v1/admins/{adminId}/role-assignments
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Tenant Admin* | Sophos Tenant Admin | Admin ID |
Assign A Role To A Tenant Adminβ
Assign a role of principal type "user" to a tenant admin Any existing assignment is overridden
POST /common/v1/admins/{adminId}/role-assignments
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Tenant Admin* | Sophos Tenant Admin | Admin ID |
Tenant Role | Sophos Tenant Role | Role ID |
Get Specific Tenant Admin's Role Informationβ
Get tenant admin role assignment information by ID
GET /common/v1/admins/{adminId}/role-assignments/{assignmentId}
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Tenant Admin* | Sophos Tenant Admin | Admin ID |
Tenant Role Assignment* | Sophos Tenant Role Assignment | Role Assignment ID |
Remove Tenant Admin Role Assignmentβ
Remove role assignment from an admin account
DELETE /common/v1/admins/{adminId}/role-assignments/{assignmentId}
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Tenant Admin* | Sophos Tenant Admin | Admin ID |
Tenant Role Assignment* | Sophos Tenant Role Assignment | Role Assignment ID |
Role Assignmentβ
| Key | Type | Description |
|---|---|---|
roleId | String (?) | Role UUID |
Tenant Role Management
List Tenant Rolesβ
List all roles in the tenant
GET /common/v1/roles
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Type | String (?) | Role type |
Principal Type | String | Principal type of role |
Fields | String (?) | The fields to return in a partial response |
Create Tenant Roleβ
Create a new tenant role
POST /common/v1/roles
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Fields | String (?) | The fields to return in a partial response |
Name | String (?) | Role name |
Description | String (?) | Group description |
Principal Type | String | Principal type of role |
Permission Sets | String (?) | List of permission sets |
Get Tenant Roleβ
Get Tenant Role by ID
GET /common/v1/roles/{roleId}
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Tenant Role* | Sophos Tenant Role | Role ID |
Fields | String (?) | The fields to return in a partial response |
Delete Tenant Roleβ
Delete a tenant role by ID
DELETE /common/v1/roles/{roleId}
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Tenant Role* | Sophos Tenant Role | Role ID |
Update Tenant Roleβ
Update an existing tenant role
PATCH /common/v1/roles/{roleId}
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Tenant Role* | Sophos Tenant Role | Role ID |
Fields | String (?) | The fields to return in a partial response |
Name | String (?) | Role name |
Description | String (?) | Group description |
Permission Sets | String (?) | List of permission sets |
List Tenant Role Permission Setsβ
Get permission set details for roles
GET /common/v1/roles/permission-sets
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Fields | String (?) | The fields to return in a partial response |
Type | String (?) | Permission set type |
Product | Array | Alerts for a product. You can query by product types |
Access | String | Access level of permission set |
Allowed In Custom Role | String (?) | Filter permissions sets allowed in custom roles |
Principal Type | String | Principal type of role |
Tenants
Create Tenantβ
Create a new tenant
POST /partner/v1/tenants
| Key | Type | Description |
|---|---|---|
X-Partner-ID | String (?) | Partner ID |
Fields | String (?) | The fields to return in a partial response |
Show As | String (?) | Tenant display name |
True True| required | | None Provided | | Name* | String (?) | Tenant name. This cannot be changed after the tenant has been created | | Data Geography | String (?) | Geographical location where the tenant data is stored | | Billing Type | String (?) | Billing type |
List Tenantsβ
List all the tenants for a partner
GET /partner/v1/tenants
| Key | Type | Description |
|---|---|---|
X-Partner-ID | String (?) | Partner ID |
Fields | String (?) | The fields to return in a partial response |
Get Tenantβ
Get a tenant by ID
GET /partner/v1/tenants/{tenantId}
| Key | Type | Description |
|---|---|---|
X-Partner-ID | String (?) | Partner ID |
Tenant* | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Fields | String (?) | The fields to return in a partial response |
Contactβ
| Key | Type | Description |
|---|---|---|
firstName | String (?) | None Provided |
lastName | String (?) | None Provided |
String (?) | None Provided | |
phone | String (?) | None Provided |
mobile | String (?) | None Provided |
fax | String (?) | None Provided |
address | String (?) | None Provided |
Update Checks
Request Endpoint Update Checkβ
Sends a request to the endpoint to check for Sophos management agent software updates
POST /endpoint/v1/endpoints/{endpointId}/update-checks
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Endpoint* | Sophos Endpoint | None Provided |
ordereddict([('description', 'Request to the endpoint to check for updates to the Sophos agent software and protection data'), ('type', 'object'), ('x-anchor-description', 'JSON Schema object data type')])
Web Controls
List Local Sitesβ
Get all sites for the tenant
GET /endpoint/v1/settings/web-control/local-sites
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Add Local Site Exclusionβ
Adds a new local site to your exclusions
POST /endpoint/v1/settings/web-control/local-sites
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Website Category | Sophos Website Category | Category associated with this local site. |
Tags | Array | Array of tags associated with this local site setting. Either |
True True| required | | None Provided | | URL | String (?) | None Provided | | Comment* | String (?) | Comment indicating why the item should be allowed |
Get Local Siteβ
Get a local site by ID
GET /endpoint/v1/settings/web-control/local-sites/{localSiteId}
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Local Site* | String (?) | Local site ID |
Update Local Siteβ
Update a local site definition
PATCH /endpoint/v1/settings/web-control/local-sites/{localSiteId}
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Local Site* | String (?) | Local site ID |
Website Category | Sophos Website Category | Category associated with this local site. |
Tags | Array | Array of tags associated with this local site setting. Either |
URL | String (?) | None Provided |
Comment* | String (?) | Comment indicating why the item should be allowed |
Delete Local Siteβ
Deletes the specified local site
DELETE /endpoint/v1/settings/web-control/local-sites/{localSiteId}
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Local Site* | String (?) | Local site ID |
List Web Categoriesβ
Get all Web Control categories
GET /endpoint/v1/settings/web-control/categories
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
List SSL/Tls Settingsβ
Get settings for SSL/TLS decryption of HTTPS websites
GET /endpoint/v1/settings/web-control/tls-decryption
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Update SSL/Tls Settingsβ
Update settings for SSL/TLS decryption of HTTPS websites
PATCH /endpoint/v1/settings/web-control/tls-decryption
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Enabled | String (?) | Whether Tamper Protection should be turned on for the endpoint |
List SSL/Tls Excluded Sitesβ
List of websites excluded from SSL/TLS decryption
GET /endpoint/v1/settings/web-control/tls-decryption/excluded-websites
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Update SSL/Tls Exclusionsβ
Add and remove websites excluded from SSL/TLS decryption
PATCH /endpoint/v1/settings/web-control/tls-decryption/excluded-websites
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Clear SSL/Tls Website Exclusionsβ
Clears the list of websites excluded from SSL/TLS decryption
DELETE /endpoint/v1/settings/web-control/tls-decryption/excluded-websites
| Key | Type | Description |
|---|---|---|
Tenant | Sophos Tenant | The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field. |
Categoryβ
| Key | Type | Description |
|---|---|---|
id | String (?) | Web decryption category ID matching the Web Control categories |
decryptionEnabled | String (?) | Whether web decryption is enabled on websites in this category |
Websitestoaddβ
| Key | Type | Description |
|---|---|---|
value | String (?) | Website IP address, IP address range or domain |
comment | String (?) | Comment indicating why the site was excluded |
Removeβ
| Key | Type | Description |
|---|---|---|
value | String (?) | Website IP address, IP address range or domain |
comment | String (?) | Comment indicating why the site was excluded |
Last updated
