Sophos integration

{% hint style="info" %} If you’re new to integrations in Rewst, read through our introductory integration documentation here. {% endhint %}

What does the Sophos integration do?

Integrating Rewst with Sophos brings robust cybersecurity capabilities to your Rewst workflows, enhancing data protection and threat management. Leverage Sophos' advanced security solutions to strengthen defense against cyber threats. Features include malware detection, ransomware protection, network security, and endpoint protection.

Why use the Sophos integration?

Account and data consistency management
  • Ensure consistent and standardized data across platforms by automating the setup of customer accounts.
    • Automatically synchronize client names between Rewst and Sophos, eliminating the need for manual adjustments or TenantName overrides.
    • Streamline the initial stand-up of customer accounts, verifying data consistency and adherence to established standards.
    • Efficiently create customers, users, and other necessary entities within Sophos, ensuring a seamless onboarding process.
Alert management and security compliance
  • Build workflows to effectively handle alerts and ensure security compliance measures are in place.
    • Enable proactive alerting when tamper protection is disabled, ensuring prompt action and maintaining security standards.
Policy and resource management
  • Streamline policy and resource management within Sophos, ensuring consistency and efficiency.
    • Create, read, update, delete, reset, and clone policies and their settings.
    • Manage endpoint groups and their members, including the ability to assign or unassign endpoints and servers.
    • Assign and update policies for specific user groups, endpoints, and endpoint groups efficiently.
    • Retrieve protection statuses per device, providing valuable insights into the security posture of individual assets.

Set up the Sophos integration

{% hint style="info" %} Sophos requires that a user be a Super Admin to manage and add API credentials.

Sophos credentials expire 36 months from the date of creation. We suggest setting a reminder to update the credential at the time of expiration. {% endhint %}

Set up steps in Sophos

  1. Log in to your Sophos account.
  2. Navigate to My Products > General Settings > API Credentials Management.
  3. Click Add Credential.
  4. Provide a name and description for the credential to identify and distinguish it from others. We recommend Rewst API.
  5. Choose the role that will be assigned to this credential. The available roles to choose from can be viewed here.
  6. Click Add.
  7. Copy the values for the Client ID and Client Secret and save both somewhere secure; you'll need them for the steps in Rewst. Once you navigate away from this page, the Client Secret is not shown again.

Set up steps in Rewst

  1. Navigate to Marketplace > Integrations in the left side menu of your Rewst platform.
  2. Search for Sophos in the integrations page.
  3. Click on the integration tile to launch the configuration setup page.
  4. Under Parameters, enter the information copied from Sophos into the relevant fields:
    1. Client ID
    2. Client Secret
  5. Click Save Configuration.
  6. Rewst will do a quick validation of your input. Once completed, you'll see a new section beneath the configuration form for organization mapping. Complete your mapping as desired.

{% hint style="success" %} Got an idea for a new Integration? Rewst is constantly adding new integrations to our integrations page. Submit your idea or upvote existing ideas here in our Canny feedback collector. {% endhint %}

Actions and endpoints

{% hint style="info" %} For more on how actions work in Rewst, check out our introductory actions documentation here. {% endhint %}

Sophos' own API documentation can be found here.

{% hint style="warning" %} The Generic API Request action does not automatically include tenant context. To avoid authentication errors, set the X-Tenant-ID request header to the ID of the tenant you are calling. You can add it manually in the headers section of the action, or pull the value from the tenant dropdown in the UI. {% endhint %}
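As an added example (not Rewst's or Sophos' own code) of the tenant-context rule in the warning above, combined with the tamper-protection alerting use case from the feature list: a small Python client that obtains a token with the Client ID and Client Secret from the setup steps, resolves the tenant ID and regional API host, refuses to issue a data-region request without X-Tenant-ID, and lists endpoints whose tamper protection is off. The OAuth2 and whoami URLs, the /endpoint/v1/endpoints path and the tamperProtectionEnabled field are taken from Sophos' public API documentation rather than from this page; the http argument is any callable (method, url, headers, body) returning (status, decoded JSON), and demo_http is a constructed offline stand-in with sample data.

```python
import urllib.parse

# Both URLs are from Sophos' published API docs (assumed here; the page itself names only X-Tenant-ID).
TOKEN_URL = "https://id.sophos.com/api/v2/oauth2/token"
WHOAMI_URL = "https://api.central.sophos.com/whoami/v1"

class SophosClient:
    """Tenant-scoped client: every data-region call carries the X-Tenant-ID header the page warns about."""
    def __init__(self, client_id, client_secret, http):
        # http: callable (method, url, headers, body) -> (status, decoded JSON); wrap urllib/requests for real use.
        self.client_id, self.client_secret, self.http = client_id, client_secret, http
        self.token = self.tenant_id = self.region_host = None

    def authenticate(self):
        form = urllib.parse.urlencode({"grant_type": "client_credentials", "scope": "token",
                                       "client_id": self.client_id, "client_secret": self.client_secret})
        status, tok = self.http("POST", TOKEN_URL, {"Content-Type": "application/x-www-form-urlencoded"}, form.encode())
        if status != 200:
            raise RuntimeError(f"token request failed with HTTP {status}")
        self.token = tok["access_token"]
        # whoami reports which id goes in X-Tenant-ID and which regional host serves this tenant.
        status, who = self.http("GET", WHOAMI_URL, {"Authorization": f"Bearer {self.token}"}, None)
        if status != 200 or who.get("idType") != "tenant":
            raise RuntimeError("credential is not tenant-scoped; choose the tenant explicitly")
        self.tenant_id, self.region_host = who["id"], who["apiHosts"]["dataRegion"]

    def headers(self):
        if not (self.token and self.tenant_id):  # never build a data-region request without tenant context
            raise RuntimeError("authenticate() first; X-Tenant-ID is not set")
        return {"Authorization": f"Bearer {self.token}", "X-Tenant-ID": self.tenant_id, "Accept": "application/json"}

    def endpoints_without_tamper_protection(self):
        # GET /endpoint/v1/endpoints (the table's List Endpoints); flag hosts whose tamper protection is off.
        status, data = self.http("GET", f"{self.region_host}/endpoint/v1/endpoints", self.headers(), None)
        if status != 200:
            raise RuntimeError(f"endpoint listing failed with HTTP {status}")
        return sorted(e["hostname"] for e in data.get("items", []) if not e.get("tamperProtectionEnabled"))

DEMO_TENANT = "11111111-2222-3333-4444-555555555555"  # constructed sample id, not a real tenant

def demo_http(method, url, headers, body):
    """Constructed offline stand-in for Sophos (sample data, not real API output)."""
    if url == TOKEN_URL:
        return 200, {"access_token": "demo-token"}
    if url == WHOAMI_URL:
        return 200, {"id": DEMO_TENANT, "idType": "tenant", "apiHosts": {"dataRegion": "https://api-us01.central.sophos.com"}}
    if headers.get("X-Tenant-ID") != DEMO_TENANT:
        return 401, {"error": "Unauthorized"}  # the authentication error the page's warning describes
    return 200, {"items": [{"hostname": "WS-ACCT-01", "tamperProtectionEnabled": True},
                           {"hostname": "WS-ACCT-02", "tamperProtectionEnabled": False}]}

def demo():
    client = SophosClient("client-id-placeholder", "client-secret-placeholder", http=demo_http)
    client.authenticate()
    return client.endpoints_without_tamper_protection()
```

In a Rewst workflow the same check maps onto List Endpoints followed by an alert on any host where tamper protection is reported off.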

| Category | Action | Description |
|---|---|---|
| Alerts | List Alerts | List alerts matching specified criteria |
| Alerts | Get Alert | Get details of a specific alert |
| Alerts | Take Action On Alert | Take an action on a specific alert |
| Allowed Items | List Exemptions | Get all allowed items from settings |
| Allowed Items | Create Exemption | Exempt an item from conviction |
| Allowed Items | Get Exemption | Get an exemption by ID |
| Allowed Items | Update Exemption | Update an exemption |
| Allowed Items | Delete Exemption | Deletes the specified exemption |
| Blocked Items | List Quarantined Items | Get all blocked items |
| Blocked Items | Add Item To Quarantine | Block an item from exoneration |
| Blocked Items | Get Quarantined Item | Get a blocked item by ID |
| Blocked Items | Delete From Quarantine | Deletes the specified blocked item |
| Directory Management | List Users | List users in the directory |
| Directory Management | Create User | Add a new user to the directory |
| Directory Management | Get User | Get a user by ID |
| Directory Management | Delete User | Delete a user by ID |
| Directory Management | Update User | Update an existing user |
| Directory Management | List User Groups | List user groups in the directory |
| Directory Management | Create User Group | Add a new group to the directory |
| Directory Management | Get User Group | Get a user group by ID |
| Directory Management | Delete User Group | Deletes the specified user group. The group must be empty. |
| Directory Management | Update User Group | Update a user group |
| Directory Management | Get User Group Membership | List groups that a user belongs to |
| Directory Management | Add User To Group(s) | Add a user to multiple groups |
| Directory Management | Remove User From Group(s) | Remove a user from multiple groups |
| Directory Management | List Users In Group | List users in the specified group |
| Directory Management | Add User(s) To Group | Add multiple users to the specified group |
| Directory Management | Remove User(s) From Group | Remove multiple users from a group |
| Downloads | List Endpoint Installer Links | Get all the endpoint installer links for a tenant |
| Endpoint Groups Management | List Endpoint Groups | Endpoint groups in the directory |
| Endpoint Groups Management | Create Endpoint Group | Add a new endpoint group to the directory |
| Endpoint Groups Management | List Endpoint Groups By Type | Endpoint groups of your specified type in the directory |
| Endpoint Groups Management | Get Endpoint Group | Get endpoint group by ID |
| Endpoint Groups Management | Delete Endpoint Group | Delete endpoint group |
| Endpoint Groups Management | Update Group | Update endpoint group |
| Endpoint Groups Management | List Endpoints in Group | Endpoints in your specified group |
| Endpoint Groups Management | Add Endpoint(s) to Group | Add endpoints to your group |
| Endpoint Groups Management | Remove From Group | Remove endpoints from a group |
| Endpoint Groups Management | Remove From Group | Remove an endpoint from a group |
| Endpoint Isolation | Configure Endpoint(s) Isolation Settings | Turn endpoint isolation on or off for multiple endpoints |
| Endpoint Isolation | Get Endpoint's Isolation Settings | Get isolation settings for an endpoint |
| Endpoint Isolation | Update Endpoint's Isolation Settings | Update isolation settings for an endpoint |
| Endpoints | List Endpoints | Get all the endpoints for the specified tenant |
| Endpoints | Get Endpoint | Get an endpoint by ID |
| Endpoints | Delete Endpoint | Deletes a specified endpoint |
| Event Journal | List Event Journal Settings | Get all event journal settings |
| Event Journal | Update Event Journal Settings | Update settings for event journal size and disk space limits. If you specify both a maximum disk space and a maximum journal size, the lower of these limits is used. |
| Exploit Mitigation | List Detected Exploits | Get detected exploits and the number of each detected exploit |
| Exploit Mitigation | Get Detected Exploit | Get a detected exploit by ID |
| Exploit Mitigation | List Exploit Mitigation Categories | Lists all the Exploit Mitigation categories |
| Exploit Mitigation | List Exploit Mitigation Applications | Get Exploit Mitigation settings for all protected applications |
| Exploit Mitigation | Add Application To Exploit Mitigation Exclusions | Exclude a set of file paths from Exploit Mitigation |
| Exploit Mitigation | Get Application's Exploit Mitigation Settings | Get Exploit Mitigation settings for an application |
| Exploit Mitigation | Update Application Exploit Mitigation Settings | Update Exploit Mitigation settings for an application |
| Exploit Mitigation | Remove Exploit Mitigation Application | Deletes a custom (user-defined) Exploit Mitigation application by ID. Note that only custom applications can be deleted; a request to delete a system-detected application fails with a 409 Conflict message. |
| Firewall Groups | List Firewall Groups | Retrieve firewall groups for a tenant |
| Firewall Groups | Create Firewall Group | Create a firewall group |
| Firewall Groups | Update Group | Change a firewall group's name. You can also assign firewalls to a group or remove firewalls from a group. |
| Firewall Groups | Delete Firewall Group | Delete a firewall group using its ID |
| Firewall Groups | List Firewall Group Sync Status | Synchronization status for the firewalls in a group |
| Firewalls | List Firewalls | List of firewalls |
| Firewalls | Update Firewall | Update firewalls with supplied values |
| Firewalls | Delete Firewall | Delete a firewall using its ID |
| Firewalls | Run Firewall Action | Run the action you want to perform on a firewall |
| Firewalls | Check Firmware | Check firmware for firewalls |
| Firewalls | Upgrade Firewall | Upgrade firewalls |
| Firewalls | Cancel Scheduled Firewall Upgrade | Cancel a scheduled upgrade for a firewall |
| Generic Request | Sophos API Request | Generic action for making authenticated requests against the Sophos API; see the warning above this table for how to supply tenant context when using this action |
| Global Tamper Protection | Check Global Tamper Protection Setting | Check whether Tamper Protection is turned on globally |
| Intrusion Prevention | List Intrusion Prevention Exclusions | Get all Intrusion Prevention exclusions |
| Intrusion Prevention | Add Intrusion Prevention Exclusion | Add a new Intrusion Prevention exclusion |
| Intrusion Prevention | Get Intrusion Prevention Exclusion | Get an Intrusion Prevention exclusion by ID |
| Intrusion Prevention | Remove Intrusion Prevention Exclusion | Delete an Intrusion Prevention exclusion by ID |
| Intrusion Prevention | Update Intrusion Prevention Exclusion | Update an Intrusion Prevention exclusion by ID |
| Isolation Exclusions | List Isolation Exclusions | Get all isolation exclusions |
| Isolation Exclusions | Create Isolation Exclusion | Adds a new Isolation exclusion |
| Isolation Exclusions | Get Isolation Exclusion | Get a single Isolation exclusion by ID |
| Isolation Exclusions | Delete Isolation Exclusion | Deletes an Isolation exclusion |
| Isolation Exclusions | Update Isolation Exclusion | Updates an Isolation exclusion by ID |
| Migrations | List Migrations | Gets all migration jobs for the tenant |
| Migrations | Start Receiving Migration Job | Start a migration job in the receiving tenant |
| Migrations | Get Migration Job | Get a single migration job |
| Migrations | Start Starting Migration Job | Start a migration job in the sending tenant |
| Migrations | List Migration Endpoint Statuses | Gets the status of endpoints that are being migrated |
| Packages | List Recommended Packages | Get all Sophos Recommended packages for the tenant |
| Packages | List Static Packages | Get all static packages available for the tenant |
| Packages | Get Static Package | Get an individual static package |
| Packages | Add Special Package | Add a special package by token, supplied by Sophos support. This is a one-way operation. |
| Packages | List Static Package Comments | Get all software comments |
| Packages | Get Static Package Comment | Get the static package comment |
| Packages | Update Static Package Comment | Add or update the static package comment |
| Packages | Delete Static Package Comment | Delete the static package comment |
| Partner Admins | List Partner Admins | List all partner admins |
| Partner Admins | Create Partner Admin | Create a new partner administrator |
| Partner Admins | Get Partner Admin | Get partner administrator details by ID |
| Partner Admins | Get Partner Admin's Role Assignments | Get the list of role assignments for a given partner admin |
| Partner Admins | Assign A Partner Admin Role | Assign a role to a partner administrator |
| Partner Admins | Get Partner Admin Role Assignment | Get a partner administrator role assignment by ID |
| Partner Admins | Remove A Partner Admin Role Assignment | Remove a role assignment from a partner admin |
| Partner Billing | List Partner Usage Report | Gets a partner usage report for a particular month and year |
| Partner Role Management | List Partner Roles | List all partner roles |
| Partner Role Management | Create Partner Role | Create a new partner role |
| Partner Role Management | Get Partner Role | Get a partner role by ID |
| Partner Role Management | Delete Partner Role | Delete a partner role by ID |
| Partner Role Management | Update Partner Role | Update an existing partner role |
| Partner Role Management | Get Partner Role Permission Sets | Get permission set details for a Partner Role |
| Peripheral Control | List Peripherals | Get all the peripherals |
| Peripheral Control | Get Peripheral | Get a peripheral by ID |
| Policy Management | List Policies | List the policies of a tenant |
| Policy Management | Create Policy | Create a new policy |
| Policy Management | Get Policy Setting Metadata | Gets a list of metadata for the policy settings |
| Policy Management | Get Policy | Gets a policy's details |
| Policy Management | Update Policy | Update a policy. Note that you can only change the settings for a base policy. |
| Policy Management | Delete Policy | Deletes a policy |
| Policy Management | List Policy Settings | Gets a list of policy settings |
| Policy Management | Update Policy Settings | Updates a policy's settings |
| Policy Management | Reset All Settings for a Policy | Reset policy settings |
| Policy Management | Get Policy Setting Value | Get the value of a setting key in a policy |
| Policy Management | Reset Single Policy Setting | Reset a setting to its default value |
| Policy Management | Clone Policy | Clone a policy |
| Policy Management | Get Base Policy | Get the base policy for a policy type |
| Policy Management | Update Base Policy | Update a base policy. Note that only settings can be changed. |
| Policy Management | Get Base Policy Settings | Get settings of the base policy for a policy type |
| Policy Management | Update Base Policy Settings | Update settings in the base policy for a policy type |
| Policy Management | Reset Base Policy Settings | Reset the settings in a base policy |
| Policy Management | Get Base Policy Setting | Get the value of a setting in the base policy for a policy type |
| Policy Management | Update Base Policy Setting | Update a setting in the base policy |
| Policy Management | Reset Setting in Base Policy | Reset a setting in the base policy to its default value |
| Policy Management | Clone Base Policy | Clone a new policy from the base policy for a policy type |
| Scanning Exclusions | List Scanning Exclusions | List scanning exclusions |
| Scanning Exclusions | Add Scanning Exclusion | Add a new scanning exclusion |
| Scanning Exclusions | Get Scanning Exclusion | Get a scanning exclusion by ID |
| Scanning Exclusions | Update Scanning Exclusion | Update a scanning exclusion by ID |
| Scanning Exclusions | Delete Scanning Exclusion | Deletes a scanning exclusion |
| Scans | Scan Endpoint | Sends a request to the specified endpoint to perform or configure a scan |
| Tamper Protection | Get Endpoint's Tamper Protection Settings | Get Tamper Protection settings for a specified endpoint |
| Tamper Protection | Update Endpoint Tamper Protection Settings | Turns Tamper Protection on or off on an endpoint, or generates a new Tamper Protection password. Note that Tamper Protection can be turned on for an endpoint only if it has also been turned on globally. |
| Tenant Access | List Tenant Admins | List all tenant admins |
| Tenant Access | Create Tenant Admin | Create a tenant admin from a directory user |
| Tenant Access | Get Tenant Admin | Get admin details by ID |
| Tenant Access | Delete Tenant Admin | Remove an admin by ID |
| Tenant Access | List All Roles For Admin | Get the list of role assignments for a given admin |
| Tenant Access | Assign a Role To a Tenant Admin | Assign a role of principal type "user" to a tenant admin. Any existing assignment is overridden. |
| Tenant Access | Get Specific Tenant Admin's Role Information | Get tenant admin role assignment information by ID |
| Tenant Access | Remove Tenant Admin Role Assignment | Remove a role assignment from an admin account |
| Tenant Role Management | List Tenant Roles | List all roles in the tenant |
| Tenant Role Management | Create Tenant Role | Create a new tenant role |
| Tenant Role Management | Get Tenant Role | Get a tenant role by ID |
| Tenant Role Management | Delete Tenant Role | Delete a tenant role by ID |
| Tenant Role Management | Update Tenant Role | Update an existing tenant role |
| Tenant Role Management | List Tenant Role Permission Sets | Get permission set details for roles |
| Tenants | Create Tenant | Create a new tenant |
| Tenants | List Tenants | List all the tenants for a partner |
| Tenants | Get Tenant | Get a tenant by ID |
| Update Checks | Request Endpoint Update Check | Sends a request to the endpoint to check for Sophos management agent software updates |
| Web Control | List Local Sites | Get all sites for the tenant |
| Web Control | Add Local Site Exclusion | Adds a new local site to your exclusions |
| Web Control | Get Local Site | Get a local site by ID |
| Web Control | Update Local Site | Update a local site definition |
| Web Control | Delete Local Site | Deletes the specified local site |
| Web Control | List Web Categories | Get all Web Control categories |
| Web Control | List SSL/TLS Settings | Get settings for SSL/TLS decryption of HTTPS websites |
| Web Control | Update SSL/TLS Settings | Update settings for SSL/TLS decryption of HTTPS websites |
| Web Control | List SSL/TLS Excluded Sites | List of websites excluded from SSL/TLS decryption |
| Web Control | Update SSL/TLS Exclusions | Add and remove websites excluded from SSL/TLS decryption |
| Web Control | Clear SSL/TLS Website Exclusions | Clears the list of websites excluded from SSL/TLS decryption |