Sophos Integration Setup

Integrating Rewst with Sophos brings robust cybersecurity capabilities to your Rewst workflows, enhancing data protection and threat management. With the integration, Rewst users can leverage Sophos' advanced security solutions to strengthen their defense against cyber threats. This includes features such as malware detection, ransomware protection, network security, and endpoint protection. By integrating Sophos into Rewst, users can enhance their security posture, mitigate risks, and safeguard sensitive data. The integration empowers users to proactively manage their cybersecurity within the Rewst platform, ensuring a secure environment for their operations and protecting against evolving threats.

Setup

To set up the Sophos Integration, you'll need to do the following:

Navigate to the Global Settings of Sophos and locate the API Credentials Management section.
Click on the "Add Credential" button to initiate the process of adding a new credential.
Provide a name and description for the credential to identify and distinguish it from others.
Choose the role that will be assigned to this credential. The available roles to choose from can be viewed here.
Navigate to the integrations page in Rewst.
Click on the Sophos integration.
Fill out the integration form.
Submit the form.

We'll run a quick test to ensure that the credentials are valid and that we can successfully connect to the Sophos API.

Actions

Alerts

List Alerts

List alerts matching specified criteria

GET /common/v1/alerts

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Group Key	String (?)	Alert group key. You can filter by group key
From	String (?)	You can find alerts that were raised on or after this time
To	String (?)	You can find alerts that were raised before this time
Sort	Array	Defines how to sort the data
Product	Array	Alerts for a product. You can query by product types
Category	Array	Alert category. You can query by different categories
Severity	Array	Alerts for a specific severity level. You can query by severity levels
Alerts	String (?)	List of IDs
Fields	String (?)	The fields to return in a partial response

Get Alert

Get details of a specific alert

GET /common/v1/alerts/{alertId}

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Alert*	Sophos Alert	None Provided

Take Action On Alert

Take an action on a specific alert

POST /common/v1/alerts/{alertId}/actions

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Alert*	Sophos Alert	None Provided
Action*	String (?)	Actions that you can perform on these alerts
Message	String (?)	Message to send for the action

Allowed Items

List Exemptions

Get all allowed items from settings

GET /endpoint/v1/settings/allowed-items

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Create Exemption

Exempt an item from conviction

POST /endpoint/v1/settings/allowed-items

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Type*	String (?)	Property by which an item is allowed
Comment*	String (?)	Comment indicating why the item should be allowed
Origin Person*	String (?)	Person associated with the endpoint where the item to be allowed was last seen
Origin Endpoint	String (?)	Endpoint where the item to be allowed was last seen

Get Exemption

Get an exemption by ID

GET /endpoint/v1/settings/allowed-items/{allowedItemId}

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Blocked Item*	Sophos Blocked Item	None Provided

Update Exemption

Update an exemption

PATCH /endpoint/v1/settings/allowed-items/{allowedItemId}

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Blocked Item*	Sophos Blocked Item	None Provided
Comment*	String (?)	Comment indicating why the item should be allowed

Delete Exemption

Deletes the specified exemption

DELETE /endpoint/v1/settings/allowed-items/{allowedItemId}

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Blocked Item*	Sophos Blocked Item	None Provided

Property

Key	Type	Description
File Name*	String (?)	File name
Path*	String (?)	Path for the application
Sha256*	String (?)	Sha256 value for the application
Certificate Signer*	String (?)	Value saved for the certificateSigner

Blocked Items

List Quarantined Items

Get all blocked items

GET /endpoint/v1/settings/blocked-items

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Add Item To Quarantine

Block an item from exoneration

POST /endpoint/v1/settings/blocked-items

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Type*	String (?)	Property by which an item is blocked
Comment*	String (?)	Comment indicating why the item should be allowed

Get Quarantined Item

Get a blocked item by ID

GET /endpoint/v1/settings/blocked-items/{blockedItemId}

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Blocked Item*	Sophos Blocked Item	None Provided

Delete From Quarantine

Deletes the specified blocked item

DELETE /endpoint/v1/settings/blocked-items/{blockedItemId}

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Blocked Item*	Sophos Blocked Item	None Provided

Property - Blocked Items

Key	Type	Description
File Name*	String (?)	File name
Path*	String (?)	Path for the application
Sha256*	String (?)	Sha256 value for the application
Certificate Signer*	String (?)	Value saved for the certificateSigner

Directory Management

List Users

List users in the directory

GET /common/v1/directory/users

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Sort	Array	Defines how to sort the data
Fields	String (?)	The fields to return in a partial response
IDs	String (?)	List of item IDs to match
Search	String (?)	Search for items that match the given terms
Search Fields	Array	Search only within the specified fields, username field is default if search query is specified
Source Type	String	Source directory type
User Group	Sophos User Group	None Provided
Domain	String (?)	List the items that match the given domain

Create User

Add a new user to the directory

POST /common/v1/directory/users

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Fields	String (?)	The fields to return in a partial response
Name	String (?)	User's full name
First Name	String (?)	None Provided
Last Name	String (?)	None Provided
Email	String (?)	User's email address
Exchange Login	String (?)	User's Exchange login
User Group	Array	Groups that the user should be added to

Get User

Get a user by ID

GET /common/v1/directory/users/{userId}

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
User*	Sophos User	None Provided
Fields	String (?)	The fields to return in a partial response

Delete User

Delete a user by ID

DELETE /common/v1/directory/users/{userId}

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
User*	Sophos User	None Provided

Update User

Update an existing user

PATCH /common/v1/directory/users/{userId}

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
User*	Sophos User	None Provided
Fields	String (?)	The fields to return in a partial response
Name	String (?)	User's full name
First Name	String (?)	None Provided
Last Name	String (?)	None Provided
Email	String (?)	User's email address
Exchange Login	String (?)	User's Exchange login

List User Groups

List user groups in the directory

GET /common/v1/directory/user-groups

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Sort	Array	Defines how to sort the data
Fields	String (?)	The fields to return in a partial response
IDs	String (?)	List of item IDs to match
Search	String (?)	Search for items that match the given terms
Search Fields	Array	Search only within the specified fields, username field is default if search query is specified
Source Type	String	Source directory type
User	Sophos User	None Provided
Domain	String (?)	List the items that match the given domain

Create User Group

Add a new group to the directory

POST /common/v1/directory/user-groups

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Fields	String (?)	The fields to return in a partial response
Name	String (?)	Group name
Description	String (?)	Group description
Users	Array	Users in the group

Get User Group

Get a user group by ID

GET /common/v1/directory/user-groups/{groupId}

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
User Group*	Sophos User Group	None Provided
Fields	String (?)	The fields to return in a partial response

Delete User Group

Deletes the specified user group. The group must be empty.

DELETE /common/v1/directory/user-groups/{groupId}

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
User Group*	Sophos User Group	None Provided

Update User Group

Update a user group

PATCH /common/v1/directory/user-groups/{groupId}

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
User Group*	Sophos User Group	None Provided
Fields	String (?)	The fields to return in a partial response
Name	String (?)	New group name
Description	String (?)	Group description

Get User Group Membership

List groups that a user belongs to

GET /common/v1/directory/users/{userId}/groups

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
User*	Sophos User	None Provided
Sort	Array	Defines how to sort the data
Fields	String (?)	The fields to return in a partial response
Search	String (?)	Search for items that match the given terms
Search Fields	Array	Search only within the specified fields, username field is default if search query is specified
Source Type	String	Source directory type
Domain	String (?)	List the items that match the given domain

Add User To Group(S)

Add a user to multiple groups

POST /common/v1/directory/users/{userId}/groups

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
User*	Sophos User	None Provided
IDs	String (?)	List of group IDs

Remove User From Group(S)

Remove a user from multiple groups

DELETE /common/v1/directory/users/{userId}/groups

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
User*	Sophos User	None Provided
User Groups	String (?)	List of group IDs

List Users In Group

List users in the specified group

GET /common/v1/directory/user-groups/{groupId}/users

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
User Group*	Sophos User Group	None Provided
Sort	Array	Defines how to sort the data
Fields	String (?)	The fields to return in a partial response
Search	String (?)	Search for items that match the given terms
Search Fields	Array	Search only within the specified fields, username field is default if search query is specified
Source Type	String	Source directory type
Domain	String (?)	List the items that match the given domain

Add User(S) To Group

Add multiple users to the specified group

POST /common/v1/directory/user-groups/{groupId}/users

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
User Group*	Sophos User Group	None Provided
Users	String (?)	List of user IDs

Remove User(S) From Group

Remove multiple users from a group

DELETE /common/v1/directory/user-groups/{groupId}/users

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
User Group*	Sophos User Group	None Provided
Users	String (?)	List of user IDs

Downloads

List Endpoint Installer Links

Get all the endpoint installer links for a tenant

GET /endpoint/v1/downloads

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Requested Products	Array	Products to include in the installers. All values are given if you don't use filters
Platforms	Array	Specify which platforms to include. All values are given if you don't use filters

Endpoint Groups Management

List Endpoint Groups

Endpoint groups in the directory

GET /endpoint/v1/endpoint-groups

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Group Type	String	Endpoint group type
Sort	Array	Defines how to sort the data
Fields	String (?)	The fields to return in a partial response
Endpoint Groups	String (?)	IDs to match
Search	String (?)	Search for items that match the given terms
Search Fields	Array	Search only within the specified fields, username field is default if search query is specified
Endpoints	Array	Endpoints UUIDs

Create Endpoint Group

Add a new endpoint group to the directory

POST /endpoint/v1/endpoint-groups

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Fields	String (?)	The fields to return in a partial response
Name*	String (?)	Group name
Description	String (?)	Group description
Type*	String (?)	Endpoint group types
Endpoints	Array	Endpoints UUIDs

List Endpoint Groups By Type

Endpoint groups of your specified type in the directory

GET /endpoint/v1/endpoint-groups/types/{groupType}

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Group Type*	String	Endpoint group type
Sort	Array	Defines how to sort the data
Fields	String (?)	The fields to return in a partial response
IDs	String (?)	IDs to match
Search	String (?)	Search for items that match the given terms
Search Fields	Array	Search only within the specified fields, username field is default if search query is specified
Endpoints	Array	Endpoints UUIDs

Get Endpoint Group

Get endpoint group by ID

GET /endpoint/v1/endpoint-groups/{groupId}

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Endpoint Groups*	Sophos Endpoint Group	None Provided
Fields	String (?)	The fields to return in a partial response

Delete Endpoint Group

Delete endpoint group

DELETE /endpoint/v1/endpoint-groups/{groupId}

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Endpoint Groups*	Sophos Endpoint Group	None Provided

Update Endpoint Group

Update endpoint group

PATCH /endpoint/v1/endpoint-groups/{groupId}

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Endpoint Groups*	Sophos Endpoint Group	None Provided
Fields	String (?)	The fields to return in a partial response
Name	String (?)	New group name
Description	String (?)	Group description

List Endpoints In Group

Endpoints in your specified group

GET /endpoint/v1/endpoint-groups/{groupId}/endpoints

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Endpoint Groups*	Sophos Endpoint Group	None Provided
Sort	Array	Defines how to sort the data
Fields	String (?)	The fields to return in a partial response
Search	String (?)	Search for items that match the given terms
Search Fields	Array	Search only within the specified fields, username field is default if search query is specified

Add Endpoint(S) To Group

Add endpoints to your group

POST /endpoint-groups/{groupId}/endpoints

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Endpoint Groups*	Sophos Endpoint Group	None Provided
Endpoints	String (?)	List of endpoint IDs

Remove From Group

Remove endpoints from a group

DELETE /endpoint-groups/{groupId}/endpoints

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Endpoint Groups*	Sophos Endpoint Group	None Provided
IDs	String (?)	Endpoint IDs

Remove Single Endpoint From Group

Remove endpoint from a group

DELETE /endpoint-groups/{groupId}/endpoints/{endpointId}

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Endpoint Groups*	Sophos Endpoint Group	None Provided
Endpoint*	Sophos Endpoint	None Provided

Endpoint Isolation

Configure Endpoint(s) Isolation Settings

Turn on or off endpoint isolation for multiple endpoints

POST /endpoint/v1/endpoints/isolation

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Enabled	String (?)	Whether Tamper Protection should be turned on for the endpoint
Comment*	String (?)	Comment indicating why the item should be allowed
IDs	String (?)	List of endpoints IDs

Get Endpoint's Isolation Settings

Get isolation settings for an endpoint

GET /endpoint/v1/endpoints/{endpointId}/isolation

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Endpoint*	Sophos Endpoint	None Provided

Update Endpoint's Isolation Settings

Update isolation settings for an endpoint

PATCH /endpoint/v1/endpoints/{endpointId}/isolation

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Endpoint*	Sophos Endpoint	None Provided
Enabled	String (?)	Whether Tamper Protection should be turned on for the endpoint
Comment*	String (?)	Comment indicating why the item should be allowed

Endpoints

List Endpoints

Get all the endpoints for the specified tenant

GET /endpoint/v1/endpoints

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Sort	Array	Defines how to sort the data
Health Status	Array	Find endpoints by health status
Type	String (?)	Find endpoints by type
Tamper Protection Enabled	String (?)	Find endpoints by whether Tamper Protection is turned on
Lockdown Status	Array	Find endpoints by lockdown status
Last Seen Before	String (?)	Find endpoints that were last seen before the given date and time (UTC) or a duration relative to the current date and time (exclusive).
Last Seen After	String (?)	Find endpoints that were last seen after the given date and time (UTC) or a duration relative to the current date and time (inclusive).
IDs	String (?)	Find endpoints with the specified IDs
Isolation Status	String	Find endpoints by isolation status
Hostname Contains	String (?)	Find endpoints where the hostname contains the given string Only the first 10 characters of the given string are matched.
Associated Person Contains	String (?)	Find endpoints where the name of the person associated with the endpoint contains the given string Only the first 10 characters of the given string are matched.
Group Name Contains	String (?)	Find endpoints where the name of the group the endpoint is in contains the given string Only the first 10 characters of the given string are matched.
Search	String (?)	Search for items that match the given terms
Search Fields	Array	Search only within the specified fields, username field is default if search query is specified
IP Addresses	Array	Find endpoints by IP addresses
Cloud	Array	Find endpoints that are cloud instances. You must use URL encoding
Fields	String (?)	The fields to return in a partial response
View	String	Type of view to be returned in response
Assigned To Group	String (?)	Whether endpoint is assigned to a group
Endpoint Groups	Array	Groups that the endpoint should be added to
MAC Addresses	Array	Find endpoints by MAC Addresses Can be in EUI-48 or EUI-64 format, case insensitive, colon, hyphen or dot separated, or with no separator e.g. 01:23:45:67:89:AB, 01-23-45-67-89-ab, 0123.4567.89ab, 0123456789ab, 01:23:45:67:89🆎cd:ef.

Get Endpoint

Get an endpoint based on ID

GET /endpoint/v1/endpoints/{endpointId}

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Endpoint*	Sophos Endpoint	None Provided
Fields	String (?)	The fields to return in a partial response
View	String	Type of view to be returned in response

Delete Endpoint

Deletes a specified endpoint

DELETE /endpoint/v1/endpoints/{endpointId}

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Endpoint*	Sophos Endpoint	None Provided

Event Journal

List Event Journal Settings

Get all event journal settings

GET /endpoint/v1/settings/event-journal/{endpointType}

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Endpoint Type*	String	Endpoint type

Update Event Journal Settings

Update settings for event journal size and disk space limits If you specify both a maximum disk space and a maximum journal size, the lower of these limits is used

PATCH /endpoint/v1/settings/event-journal/{endpointType}

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Endpoint Type*	String	Endpoint type
Use Recommended	String (?)	Shows if the recommended setting is required
Disk Space Limit In Mb	String (?)	Maximum size of the event journal (MB)
Disk Space Limit As Percentage	String	Disk space limit for the event journal (percentage). The value 0 will mean Disk space limit is not specified.

Events

Get Events

Get events with timestamps within the last 24 hours

GET /siem/v1/events

Key	Type	Description
X-Tenant-ID	Sophos Tenant	None Provided
limit	String (?)	The maximum number of items to return, default is 200, max is 1000
cursor	String (?)	Identifier for next item in the list, this value is available in response as next_cursor Response will default to last 24 hours if cursor is not within last 24 hours.
from_date	String (?)	The starting date from which alerts will be retrieved defined as Unix timestamp in UTCIgnored if cursor is set. Must be within last 24 hours.
exclude_types	String (?)	The String of list of types of events to be excluded

Exploit Mitigation

List Detected Exploits

Get detected exploits and the number of each detected exploit

GET /endpoint/v1/settings/exploit-mitigation/detected-exploits

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Thumbprint Not In	Array	Filter out detected exploits with these thumbprints

Get Detected Exploit

Get a detected exploit by ID

GET /endpoint/v1/settings/exploit-mitigation/detected-exploits/{detectedExploitId}

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Detected Exploit*	Sophos Detected Exploit	None Provided

List Exploit Mitigation Categories

Lists all the Exploit Mitigation categories

GET /endpoint/v1/settings/exploit-mitigation/categories

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

List Exploit Mitigation Applications

Get Exploit Mitigation settings for all protected applications

GET /endpoint/v1/settings/exploit-mitigation/applications

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Type	String (?)	Exploit Mitigation Application type
Modified	String (?)	Whether or not Exploit Mitigation Application has been customized

Add Application To Exploit Mitigation Exclusions

Exclude a set of file paths from Exploit Mitigation

POST /endpoint/v1/settings/exploit-mitigation/applications

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Paths	Array	Array of absolute paths to an application file to exclude. You may use HitmanProAlert expansion variables (For example, $desktop, $programfiles). Currently, this array may contain only one application path.

Get Application's Exploit Mitigation Settings

Get Exploit Mitigation settings for an application

GET /endpoint/v1/settings/exploit-mitigation/applications/{exploitMitigationApplicationId}

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Exploit Mitigation Application*	Sophos Exploit Mitigation Application	Exploit Mitigation application ID

Update Application Exploit Mitigation Settings

Update Exploit Mitigation settings for an application

PATCH /endpoint/v1/settings/exploit-mitigation/applications/{exploitMitigationApplicationId}

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Exploit Mitigation Application*	Sophos Exploit Mitigation Application	Exploit Mitigation application ID
Paths	Array	Array of absolute paths to an application file to exclude. You may use HitmanProAlert expansion variables (For example, $desktop, $programfiles). Currently, this array may contain only one application path.

Remove Exploit Mitigation Application

Deletes a custom (user-defined) Exploit Mitigation application by ID. Note you can only delete custom applications A request to delete a system-detected application fails with a 409 Conflict message

DELETE /endpoint/v1/settings/exploit-mitigation/applications/{exploitMitigationApplicationId}

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Exploit Mitigation Application*	Sophos Exploit Mitigation Application	Exploit Mitigation application ID

Modification

Key	Type	Description
protected	String (?)	None Provided
settings	String (?)	None Provided

Firewall Groups

List Firewall Groups

Retrieve firewall groups for a tenant

GET /firewall/v1/firewall-groups

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Recurse Subgroups	String (?)	Whether to include nested child groups or not
Search	String (?)	Search for items that match the given terms
Search Fields	Array	Search only within the specified fields, username field is default if search query is specified

Create Firewall Group

Create firewall group

POST /firewall/v1/firewall-groups

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Name	String (?)	Group name
Config Import Source Firewall	String (?)	ID for the firewall you're importing configuration settings from
Assign Firewalls	Array	IDs for the firewalls you're adding to the group
Firewall Group	Sophos Firewall Group	None Provided

Update Firewall Group

Change firewall group name. You can also assign firewalls to the group. Or remove firewalls from a group

PATCH /firewall/v1/firewall-groups/{groupId}

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Firewall Group*	Sophos Firewall Group	None Provided
Name	String (?)	New group name
Assign Firewalls	Array	IDs for the firewalls you're adding to the group
Unassign Firewalls	Array	IDs for the firewalls you're removing from group

Delete Firewall Group

Delete the firewall group using its ID

DELETE /firewall/v1/firewall-groups/{groupId}

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Firewall Group*	Sophos Firewall Group	None Provided

List Firewall Group Sync Status

Synchronization status for the firewalls in a group

GET /firewall/v1/firewall-groups/{groupId}/firewalls/sync-status

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Firewall Group*	Sophos Firewall Group	None Provided
IDs	String (?)	None Provided

Firewalls

List Firewalls

List of firewalls

GET /firewall/v1/firewalls

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Firewall Group	Sophos Firewall Group	None Provided
Search	String (?)	Search for items that match the given terms

Update Firewall

Update firewalls with supplied values

PATCH /firewall/v1/firewalls/{firewallId}

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Firewall*	Sophos Firewall	None Provided
Name	String (?)	Firewall name

Delete Firewall

Delete firewall using its ID

DELETE /firewall/v1/firewalls/{firewallId}

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Firewall*	Sophos Firewall	None Provided

Run Firewall Action

Action you want to do to a firewall

POST /firewall/v1/firewalls/{firewallId}/action

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Firewall*	Sophos Firewall	None Provided
Action	String (?)	Actions that you can perform on these alerts

Check Firmware

Check firmware for firewalls

POST /firewall/v1/firewalls/actions/firmware-upgrade-check

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Firewalls	Array	None Provided

Upgrade Firewall

Upgrade firewalls

POST /firewall/v1/firewalls/actions/firmware-upgrade

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Firewalls*	Array	None Provided

Cancel Scheduled Firewall Upgrade

Cancel scheduled upgrade for a firewall

DELETE /firewall/v1/firewalls/actions/firmware-upgrade

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Firewalls*	String (?)	None Provided

Geolocation

Key	Type	Description
latitude	String (?)	None Provided
longitude	String (?)	None Provided

Global Tamper Protection

Check Global Tamper Protection Setting

Check whether Tamper Protection is turned on globally

GET /endpoint/v1/settings/tamper-protection

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Intrusion Prevention

List Intrusion Prevention Exclusions

Get all Intrusion Prevention exclusions

GET /endpoint/v1/settings/exclusions/intrusion-prevention

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Add Intrusion Prevention Exclusion

Add a new Intrusion Prevention exclusion

POST /endpoint/v1/settings/exclusions/intrusion-prevention

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Local Ports	Array	Local protected ports
Remote Ports	Array	Remote protected ports

Get Intrusion Prevention Exclusion

Get an Intrusion Prevention exclusion by ID

GET /endpoint/v1/settings/exclusions/intrusion-prevention/{exclusionId}

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Intrusions Exclusion*	Sophos Intrusions Exclusion	Exclusion ID

Remove Intrusion Prevention Exclusion

Delete an Intrusion Prevention exclusion by ID

DELETE /endpoint/v1/settings/exclusions/intrusion-prevention/{exclusionId}

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Intrusions Exclusion*	Sophos Intrusions Exclusion	Exclusion ID

Update Intrusion Prevention Exclusion

Update an Intrusion Prevention exclusion by ID

PATCH /endpoint/v1/settings/exclusions/intrusion-prevention/{exclusionId}

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Intrusions Exclusion*	Sophos Intrusions Exclusion	Exclusion ID
Local Ports	Array	Local protected ports
Remote Ports	Array	Remote protected ports
Direction	String (?)	Direction property of the intrusion prevention exclusion
Remote Addresses	String (?)	Array of remote addresses for the intrusion prevention exclusion
Comment*	String (?)	Comment indicating why the item should be allowed

Isolation Exclusions

List Isolation Exclusions

Get all isolation exclusions

GET /endpoint/v1/settings/exclusions/isolation

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Create Isolation Exclusion

Adds a new Isolation exclusion

POST /endpoint/v1/settings/exclusions/isolation

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Local Ports	Array	Local protected ports
Remote Ports	Array	Remote protected ports

Get Isolation Exclusion

Get a single Isolation exclusion by ID

GET /endpoint/v1/settings/exclusions/isolation/{exclusionId}

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Isolation Exclusion*	Sophos Isolation Exclusion	Exclusion ID

Delete Isolation Exclusion

Deletes an Isolation exclusion

DELETE /endpoint/v1/settings/exclusions/isolation/{exclusionId}

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Isolation Exclusion*	Sophos Isolation Exclusion	Exclusion ID

Update Isolation Exclusion

Updates an Isolation exclusion by ID

PATCH /endpoint/v1/settings/exclusions/isolation/{exclusionId}

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Isolation Exclusion*	Sophos Isolation Exclusion	Exclusion ID
Local Ports	Array	Local protected ports
Remote Ports	Array	Remote protected ports
Direction	String (?)	Direction property of the intrusion prevention exclusion
Remote Addresses	String (?)	Array of remote addresses for the intrusion prevention exclusion
Comment*	String (?)	Comment indicating why the item should be allowed

Migrations

List Migrations

Gets all migration jobs for the tenant

GET /endpoint/v1/migrations

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Mode	String	Filter migration jobs by sending or receiving mode

Start Receiving Migration Job

Start a migration job in the receiving tenant

POST /endpoint/v1/migrations

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
From Tenant	String (?)	Sending tenant
Endpoints	Array	Endpoints UUIDs

Get Migration Job

Get a single migration job

GET /endpoint/v1/migrations/{migrationJobId}

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Migration Job*	Sophos Migration Job	Migration job ID

Start Starting Migration Job

Start a migration job in the sending tenant

PUT /endpoint/v1/migrations/{migrationJobId}

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Migration Job*	Sophos Migration Job	Migration job ID
Token	String (?)	Job token
Endpoints	Array	Endpoints UUIDs

List Migration Endpoint Statuses

Gets the status of endpoints that are being migrated

GET /endpoint/v1/migrations/{migrationJobId}/endpoints

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Migration Job*	Sophos Migration Job	Migration job ID

Packages

List Recommended Packages

Get all Sophos Recommended packages for the tenant

GET /endpoint/v1/software/packages/recommended

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

List Static Packages

Get all static packages available for the tenant

GET /endpoint/v1/software/packages/static

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Sort	Array	Defines how to sort the data
Endpoint Type*	String	Endpoint type
Platform	String	Filter to the platform of the static package
Type	String (?)	Show the type of static package
Expires From	String (?)	Show static packages that expire on or after this date (inclusive)
Expires To	String (?)	Show static packages that expire before this date (exclusive)
Released From	String (?)	Show static packages that were released on or after this date (inclusive)
Released To	String (?)	Show static packages that were released before this date (exclusive)

Get Static Package

Get an individual static package

GET /endpoint/v1/software/packages/static/{staticPackageId}

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Static Packages*	Sophos Static Package	None Provided

Add Package

Add a package by token, supplied by Sophos support. This is a one-way operation

POST /endpoint/v1/software/packages/static/{staticPackageId}/add

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Static Packages*	Sophos Static Package	None Provided

List Static Package Comments

Get all software comments

GET /endpoint/v1/software/comments

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Get Static Package Comment

Get the static package comment

GET /endpoint/v1/software/comments/{staticPackageId}

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Static Packages*	Sophos Static Package	None Provided

Update Static Package Comment

Add/Update the static package comment

PUT /endpoint/v1/software/comments/{staticPackageId}

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Static Packages*	Sophos Static Package	None Provided
Comment*	String (?)	Comment indicating why the item should be allowed

Delete Static Package Comment

Delete the static package comment

DELETE /endpoint/v1/software/comments/{staticPackageId}

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Static Packages*	Sophos Static Package	None Provided

Partner Admins

List Partner Admins

List all partner admins

GET /partner/v1/admins

Key	Type	Description
X-Partner-ID*	String (?)	Partner ID
Sort	Array	Defines how to sort the data
Fields	String (?)	The fields to return in a partial response
Search	String (?)	Search for items that match the given terms
Email	String (?)	None Provided
Partner Role	Sophos Partner Role	Role ID
With Access To Tenant	String (?)	Search for admins that have access to the given tenant

Create Partner Admin

Create a new partner administrator

POST /partner/v1/admins

Key	Type	Description
X-Partner-ID*	String (?)	Partner ID
Username	String (?)	Administrator username (email)

Get Partner Admin

Get partner administrator details by ID

GET /partner/v1/admins/{adminId}

Key	Type	Description
X-Partner-ID*	String (?)	Partner ID
Partner Admin*	Sophos Partner Admin	Admin ID

List All Partner Roles

Get the list of role assignments for a given admin

GET /partner/v1/admins/{adminId}/role-assignments

Key	Type	Description
X-Partner-ID*	String (?)	Partner ID
Partner Admin*	Sophos Partner Admin	Admin ID

Assign A Partner Admin Role

Assign a role to a partner administrator

POST /partner/v1/admins/{adminId}/role-assignments

Key	Type	Description
X-Partner-ID*	String (?)	Partner ID
Partner Admin*	Sophos Partner Admin	Admin ID
Partner Role*	Sophos Partner Role	Role ID

Get Partner Admin Role Assignment

Get partner administrator role assignment by ID

GET /partner/v1/admins/{adminId}/role-assignments/{assignmentId}

Key	Type	Description
X-Partner-ID*	String (?)	Partner ID
Partner Admin*	Sophos Partner Admin	Admin ID
Partner Role Assignment*	Sophos Partner Role Assignment	Role Assignment ID

Remove A Partner Admin Role Assignment

Remove role assignment from a partner admin

DELETE /partner/v1/admins/{adminId}/role-assignments/{assignmentId}

Key	Type	Description
X-Partner-ID*	String (?)	Partner ID
Partner Admin*	Sophos Partner Admin	Admin ID
Partner Role Assignment*	Sophos Partner Role Assignment	Role Assignment ID

Profile

Key	Type	Description
Name	String (?)	Full name
firstName	String (?)	None Provided
lastName	String (?)	None Provided
phone	String (?)	None Provided
mobile	String (?)	None Provided
fax	String (?)	None Provided

Partnerroleassignment

Key	Type	Description
roleId	String (?)	Role UUID

Scope

Key	Type	Description
Type*	String	Role assignment scope type
Tenant	String (?)	Tenant ID. Optional when `type` is `allManagedTenants` or `self`

Partner Billing

List Partner Usage Report

Gets a partner usage report for a particular month and year

GET /partner/v1/billing/usage/{year}/{month}

Key	Type	Description
X-Partner-ID	String (?)	Partner ID
Month*	String (?)	Month of the year
Year*	String (?)	Year
Fields	String (?)	The fields to return in a partial response
Contact Email	String (?)	Tenant email for contact
Tenant*	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Partner Role Management

List Partner Roles

List all partner roles

GET /partner/v1/roles

Key	Type	Description
X-Partner-ID	String (?)	Partner ID
Type	String (?)	Role type
Principal Type	String	Principal type of role
Fields	String (?)	The fields to return in a partial response

Create Partner Role

Create a new partner role

POST /partner/v1/roles

Key	Type	Description
X-Partner-ID	String (?)	Partner ID
Fields	String (?)	The fields to return in a partial response
Name	String (?)	Role name
Description	String (?)	Group description
Principal Type	String	Principal type of role
Permission Sets	String (?)	List of permission sets

Get Partner Role

Get a partner role by ID

GET /partner/v1/roles/{roleId}

Key	Type	Description
X-Partner-ID	String (?)	Partner ID
Partner Role*	Sophos Partner Role	Role ID
Fields	String (?)	The fields to return in a partial response

Delete Partner Role

Delete a partner role by ID

DELETE /partner/v1/roles/{roleId}

Key	Type	Description
X-Partner-ID	String (?)	Partner ID
Partner Role*	Sophos Partner Role	Role ID

Update Partner Role

Update an existing partner role

PATCH /partner/v1/roles/{roleId}

Key	Type	Description
X-Partner-ID	String (?)	Partner ID
Partner Role*	Sophos Partner Role	Role ID
Fields	String (?)	The fields to return in a partial response
Name	String (?)	Role name
Description	String (?)	Group description
Permission Sets	String (?)	List of permission sets

Get Partner Role Permission Sets

Get permission set details for a Partner Role

GET /partner/v1/roles/permission-sets

Key	Type	Description
X-Partner-ID	String (?)	Partner ID
Fields	String (?)	The fields to return in a partial response
Type	String (?)	Permission set type
Product	Array	Alerts for a product. You can query by product types
Access	String	Access level of permission set
Allowed In Custom Role	String (?)	Filter permissions sets allowed in custom roles
Principal Type	String	Principal type of role

Peripheral Control

List Peripherals

Get all the peripherals

GET /endpoint/v1/settings/peripheral-control/peripherals

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Last Seen After	String (?)	Find endpoints that were last seen after the given date and time (UTC) or a duration relative to the current date and time (inclusive).
Type	String (?)	One or more peripheral types to include

Get Peripheral

Get a peripheral by ID

GET /endpoint/v1/settings/peripheral-control/peripherals/{peripheralId}

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Peripheral*	Sophos Peripheral	None Provided

Policy Management

List Policies

List the policies of a tenant

GET /endpoint/v1/policies

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Policy Type	String	Policy type
Fields	String (?)	The fields to return in a partial response

Create Policy

Create a new policy

POST /endpoint/v1/policies

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Name*	String (?)	Policy name
Type*	String (?)	Policy type
Priority*	String (?)	Policy priority
Enabled	String (?)	Whether Tamper Protection should be turned on for the endpoint
Disable At*	String (?)	When the policy should be turned off
Applies To*	String (?)	None Provided
Settings	String (?)	Settings for this object

Get Policy Setting Metadata

Get a list of metadata for the policy settings

GET /endpoint/v1/policies/settings

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Policy Type	String	Policy type

Get Policy

Gets a policy's details

GET /endpoint/v1/policies/{policyId}

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Policy*	Sophos Policy	None Provided

Update Policy

Update policy. Note you can only change the settings for a base policy

PATCH /endpoint/v1/policies/{policyId}

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Policy*	Sophos Policy	None Provided
Name	String (?)	Policy name
Priority*	String (?)	Policy priority
Enabled	String (?)	Whether Tamper Protection should be turned on for the endpoint
Disable At*	String (?)	When the policy should be turned off
Applies To*	String (?)	None Provided
Settings	String (?)	Settings for this object

Delete Policy

Deletes a policy

DELETE /endpoint/v1/policies/{policyId}

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Policy*	Sophos Policy	None Provided

List Policy Settings

Gets a list of policy settings

GET /endpoint/v1/policies/{policyId}/settings

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Policy*	Sophos Policy	None Provided

Update Policy Settings

Updates policy settings

PATCH /endpoint/v1/policies/{policyId}/settings

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Policy*	Sophos Policy	None Provided

ordereddict([('description', 'Keys have specific names documented here'), ('type', 'object'), ('x-anchor-description', 'JSON Schema object data type')])

Reset All Settings For A Policy

Reset policy settings

POST /endpoint/v1/policies/{policyId}/settings/reset

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Policy*	Sophos Policy	None Provided

Get Policy Setting Value

Get the value of a setting key in a policy

GET /endpoint/v1/policies/{policyId}/settings/{settingKey}

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Policy*	Sophos Policy	None Provided
Setting Key*	String (?)	Setting key

Reset Single Policy Setting

Reset a setting to its default value

POST /endpoint/v1/policies/{policyId}/settings/{settingKey}/reset

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Policy*	Sophos Policy	None Provided
Setting Key*	String (?)	Setting key

Clone Policy

Clone a policy

POST /endpoint/v1/policies/{policyId}/clone

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Policy*	Sophos Policy	None Provided
Name	String (?)	Name of the newly cloned policy

Get Base Policy

Get base policy for a policy type

GET /endpoint/v1/policies/{policyType}/base

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Policy Type*	String	Policy type

Update Base Policy

Update base policy. Note that only settings can be changed

PATCH /endpoint/v1/policies/{policyType}/base

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Policy Type*	String	Policy type
Settings	String (?)	Settings for this object

Get Base Policy Settings

Get settings of the base policy for a policy type

GET /endpoint/v1/policies/{policyType}/base/settings

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Policy Type*	String	Policy type

Update Base Policy Settings

Update settings in the base policy for a policy type

PATCH /endpoint/v1/policies/{policyType}/base/settings

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Policy Type*	String	Policy type

ordereddict([('description', 'Keys have specific names documented here'), ('type', 'object'), ('x-anchor-description', 'JSON Schema object data type')])

Reset Base Policy Settings

Reset the settings in a base policy

POST /endpoint/v1/policies/{policyType}/base/settings/reset

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Policy Type*	String	Policy type

Get Base Policy Setting

Get the value of a setting in the base policy for a policy type

GET /endpoint/v1/policies/{policyType}/base/settings/{settingKey}

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Policy Type*	String	Policy type
Setting Key*	String (?)	Setting key

Update Base Policy Setting

Update a setting in the base policy

PATCH /endpoint/v1/policies/{policyType}/base/settings/{settingKey}

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Policy Type*	String	Policy type
Setting Key*	String (?)	Setting key

Reset Setting In Base Policy

Reset a setting in the base policy to its default value

POST /endpoint/v1/policies/{policyType}/base/settings/{settingKey}/reset

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Policy Type*	String	Policy type
Setting Key*	String (?)	Setting key

Clone Base Policy

Clone a new policy from the base policy for a policy type

POST /endpoint/v1/policies/{policyType}/base/clone

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Policy Type*	String	Policy type
Name	String (?)	Name of the newly cloned policy

Scanning Exclusions

List Scanning Exclusions

List scanning exclusions

GET /endpoint/v1/settings/exclusions/scanning

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Type	String (?)	Scanning Exclusion type

Add Scanning Exclusion

Add a new scanning exclusion

POST /endpoint/v1/settings/exclusions/scanning

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Value*	String (?)	Exclusion value
Type*	String (?)	Scanning exclusion type
Scan Mode*	String (?)	Default value of scan mode is \"onDemandAndOnAccess\" for exclusions of type path, posixPath and virtualPath, \"onAccess\" for process, web, pua, amsi. Behavioral and Detected Exploits (exploitMitigation) type exclusions do not support a scan mode.
Comment*	String (?)	Comment indicating why the item should be allowed

Get Scanning Exclusion

Get a scanning exclusion by ID

GET /endpoint/v1/settings/exclusions/scanning/{exclusionId}

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Scanning Exclusion*	Sophos Scanning Exclusion	Exclusion ID

Update Scanning Exclusion

Update a scanning exclusion by ID

PATCH /endpoint/v1/settings/exclusions/scanning/{exclusionId}

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Scanning Exclusion*	Sophos Scanning Exclusion	Exclusion ID
Value*	String (?)	Exclusion value
Scan Mode*	String (?)	Default value of scan mode is \"onDemandAndOnAccess\" for exclusions of type path, posixPath and virtualPath, \"onAccess\" for process, web, pua, amsi. Behavioral and Detected Exploits (exploitMitigation) type exclusions do not support a scan mode.
Comment*	String (?)	Comment indicating why the item should be allowed

Delete Scanning Exclusion

Deletes a scanning exclusion

DELETE /endpoint/v1/settings/exclusions/scanning/{exclusionId}

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Scanning Exclusion*	Sophos Scanning Exclusion	Exclusion ID

Scans

Scan Endpoint

Sends a request to the specified endpoint to perform or configure a scan

POST /endpoint/v1/endpoints/{endpointId}/scans

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Endpoint*	Sophos Endpoint	None Provided

ordereddict([('description', 'Request to configure or perform a scan on the endpoint'), ('type', 'object'), ('x-anchor-description', 'JSON Schema object data type')])

Tamper Protection

Get Endpoint's Tamper Protection Settings

Get Tamper Protection settings for a specified endpoint

GET /endpoint/v1/endpoints/{endpointId}/tamper-protection

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Endpoint*	Sophos Endpoint	None Provided

Update Endpoint Tamper Protection Settings

Turns Tamper Protection on or off on an endpoint. Or generates a new Tamper Protection password Note that Tamper Protection can be turned on for an endpoint only if it has also been turned on globally.

POST /endpoint/v1/endpoints/{endpointId}/tamper-protection

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Endpoint*	Sophos Endpoint	None Provided
Enabled	String (?)	Whether Tamper Protection should be turned on for the endpoint
Regenerate Password	String (?)	Whether a new Tamper Protection password should be generated

Tenant Access

List Tenant Admins

List all tenant admins

GET /common/v1/admins

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Sort	Array	Defines how to sort the data
Fields	String (?)	The fields to return in a partial response
Search	String (?)	Search for items that match the given terms
Search Fields	Array	Search only within the specified fields, username field is default if search query is specified
Tenant Role	Sophos Tenant Role	Role ID

Create Tenant Admin

Create a tenant admin from a directory user

POST /common/v1/admins

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Fields	String (?)	The fields to return in a partial response
User	Sophos User	None Provided

Get Tenant Admin

Get admin details by ID

GET /common/v1/admins/{adminId}

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Tenant Admin*	Sophos Tenant Admin	Admin ID
Fields	String (?)	The fields to return in a partial response

Delete Tenant Admin

Remove an admin by ID

DELETE /common/v1/admins/{adminId}

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Tenant Admin*	Sophos Tenant Admin	Admin ID

List All Roles For Admin

Get the list of role assignments for a given admin

GET /common/v1/admins/{adminId}/role-assignments

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Tenant Admin*	Sophos Tenant Admin	Admin ID

Assign A Role To A Tenant Admin

Assign a role of principal type "user" to a tenant admin Any existing assignment is overridden

POST /common/v1/admins/{adminId}/role-assignments

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Tenant Admin*	Sophos Tenant Admin	Admin ID
Tenant Role	Sophos Tenant Role	Role ID

Get Specific Tenant Admin's Role Information

Get tenant admin role assignment information by ID

GET /common/v1/admins/{adminId}/role-assignments/{assignmentId}

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Tenant Admin*	Sophos Tenant Admin	Admin ID
Tenant Role Assignment*	Sophos Tenant Role Assignment	Role Assignment ID

Remove Tenant Admin Role Assignment

Remove role assignment from an admin account

DELETE /common/v1/admins/{adminId}/role-assignments/{assignmentId}

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Tenant Admin*	Sophos Tenant Admin	Admin ID
Tenant Role Assignment*	Sophos Tenant Role Assignment	Role Assignment ID

Role Assignment

Key	Type	Description
roleId	String (?)	Role UUID

Tenant Role Management

List Tenant Roles

List all roles in the tenant

GET /common/v1/roles

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Type	String (?)	Role type
Principal Type	String	Principal type of role
Fields	String (?)	The fields to return in a partial response

Create Tenant Role

Create a new tenant role

POST /common/v1/roles

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Fields	String (?)	The fields to return in a partial response
Name	String (?)	Role name
Description	String (?)	Group description
Principal Type	String	Principal type of role
Permission Sets	String (?)	List of permission sets

Get Tenant Role

Get Tenant Role by ID

GET /common/v1/roles/{roleId}

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Tenant Role*	Sophos Tenant Role	Role ID
Fields	String (?)	The fields to return in a partial response

Delete Tenant Role

Delete a tenant role by ID

DELETE /common/v1/roles/{roleId}

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Tenant Role*	Sophos Tenant Role	Role ID

Update Tenant Role

Update an existing tenant role

PATCH /common/v1/roles/{roleId}

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Tenant Role*	Sophos Tenant Role	Role ID
Fields	String (?)	The fields to return in a partial response
Name	String (?)	Role name
Description	String (?)	Group description
Permission Sets	String (?)	List of permission sets

List Tenant Role Permission Sets

Get permission set details for roles

GET /common/v1/roles/permission-sets

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Fields	String (?)	The fields to return in a partial response
Type	String (?)	Permission set type
Product	Array	Alerts for a product. You can query by product types
Access	String	Access level of permission set
Allowed In Custom Role	String (?)	Filter permissions sets allowed in custom roles
Principal Type	String	Principal type of role

Tenants

Create Tenant

Create a new tenant

POST /partner/v1/tenants

Key	Type	Description
X-Partner-ID	String (?)	Partner ID
Fields	String (?)	The fields to return in a partial response
Show As	String (?)	Tenant display name

List Tenants

List all the tenants for a partner

GET /partner/v1/tenants

Key	Type	Description
X-Partner-ID	String (?)	Partner ID
Fields	String (?)	The fields to return in a partial response

Get Tenant

Get a tenant by ID

GET /partner/v1/tenants/{tenantId}

Key	Type	Description
X-Partner-ID	String (?)	Partner ID
Tenant*	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Fields	String (?)	The fields to return in a partial response

Contact

Key	Type	Description
firstName	String (?)	None Provided
lastName	String (?)	None Provided
Email	String (?)	None Provided
phone	String (?)	None Provided
mobile	String (?)	None Provided
fax	String (?)	None Provided
address	String (?)	None Provided

Update Checks

Request Endpoint Update Check

Sends a request to the endpoint to check for Sophos management agent software updates

POST /endpoint/v1/endpoints/{endpointId}/update-checks

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Endpoint*	Sophos Endpoint	None Provided

ordereddict([('description', 'Request to the endpoint to check for updates to the Sophos agent software and protection data'), ('type', 'object'), ('x-anchor-description', 'JSON Schema object data type')])

Web Controls

List Local Sites

Get all sites for the tenant

GET /endpoint/v1/settings/web-control/local-sites

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Add Local Site Exclusion

Adds a new local site to your exclusions

POST /endpoint/v1/settings/web-control/local-sites

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Website Category	Sophos Website Category	Category associated with this local site.
Tags	Array	Array of tags associated with this local site setting. Either `categoryId` or `tags` must be provided

Get Local Site

Get a local site by ID

GET /endpoint/v1/settings/web-control/local-sites/{localSiteId}

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Local Site*	String (?)	Local site ID

Update Local Site

Update a local site definition

PATCH /endpoint/v1/settings/web-control/local-sites/{localSiteId}

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Local Site*	String (?)	Local site ID
Website Category	Sophos Website Category	Category associated with this local site.
Tags	Array	Array of tags associated with this local site setting. Either `categoryId` or `tags` must be provided
URL	String (?)	None Provided
Comment*	String (?)	Comment indicating why the item should be allowed

Delete Local Site

Deletes the specified local site

DELETE /endpoint/v1/settings/web-control/local-sites/{localSiteId}

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Local Site*	String (?)	Local site ID

List Web Categories

Get all Web Control categories

GET /endpoint/v1/settings/web-control/categories

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

List SSL/Tls Settings

Get settings for SSL/TLS decryption of HTTPS websites

GET /endpoint/v1/settings/web-control/tls-decryption

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Update SSL/Tls Settings

Update settings for SSL/TLS decryption of HTTPS websites

PATCH /endpoint/v1/settings/web-control/tls-decryption

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.
Enabled	String (?)	Whether Tamper Protection should be turned on for the endpoint

List SSL/Tls Excluded Sites

List of websites excluded from SSL/TLS decryption

GET /endpoint/v1/settings/web-control/tls-decryption/excluded-websites

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Update SSL/Tls Exclusions

Add and remove websites excluded from SSL/TLS decryption

PATCH /endpoint/v1/settings/web-control/tls-decryption/excluded-websites

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Clear SSL/Tls Website Exclusions

Clears the list of websites excluded from SSL/TLS decryption

DELETE /endpoint/v1/settings/web-control/tls-decryption/excluded-websites

Key	Type	Description
Tenant	Sophos Tenant	The Tenant that you want to perform the action on. If you are a partner account, you must specify the tenant IDof the tenant you want to perform the action on. If you are a tenant account, you can omit this field.

Key	Type	Description
id	String (?)	Web decryption category ID matching the Web Control categories
decryptionEnabled	String (?)	Whether web decryption is enabled on websites in this category

Key	Type	Description
value	String (?)	Website IP address, IP address range or domain
comment	String (?)	Comment indicating why the site was excluded

Files

sophos-integration-setup.md

Latest commit

History

sophos-integration-setup.md

File metadata and controls

Sophos Integration Setup

Setup

Actions

Alerts

List Alerts​

Get Alert​

Take Action On Alert​

Allowed Items

List Exemptions​

Create Exemption​

Get Exemption​

Update Exemption​

Delete Exemption​

Property​

Blocked Items

List Quarantined Items​

Add Item To Quarantine​

Get Quarantined Item​

Delete From Quarantine​

Property - Blocked Items​

Directory Management

List Users​

Create User​

Get User​

Delete User​

Update User​

List User Groups​

Create User Group​

Get User Group​

Delete User Group​

Update User Group​

Get User Group Membership​

Add User To Group(S)​

Remove User From Group(S)​

List Users In Group​

Add User(S) To Group​

Remove User(S) From Group​