Sophos XG Firewall
App Vendor: Sophos
App Category: Network Security
Connector version: 1.0.0
API Version: SFOS 17.5.7 MR-7
About App
Sophos XG Firewall enables security teams to manage the firewall, respond to threats, and monitor network activities. The Sophos XG Firewall app enables security teams to integrate with the enterprise application to manage policies, IPs, hosts, and host groups for effective firewall protection.
The Sophos XG Firewall app is configured with the Orchestrate application to perform the following actions:
Action Name | Description |
---|---|
Add FQDN Hosts | This action adds FQDN hosts. |
Add Host | This action adds an IP Host. |
Add FQDN Host to FQDN Host Group | This action adds a FQDN host to a FQDN host group. |
Add a Security Policy | This action adds a security policy (firewall rules). |
Block an IP | This action blocks an IP address on a firewall. |
Delete FQDN Host | This action deletes a FQDN host. |
Delete Hosts | This action deletes hosts from a Host Group. |
Delete a Security Policy | This action deletes a security policy. |
Get Hosts | This action retrieves all the saved FQDN hosts. |
Get Sandbox Policies | This action retrieves the sandbox policies. |
Get Security Policies | This action retrieves the security policies (firewall rules). |
Get Web Filter Policy | This action retrieves the web filter policy. |
Get FQDN Hosts | This action retrieves the FQDN hosts. |
Configuration Parameters
The following configuration parameters are required for the Sophos XG Firewall app to communicate with the Sophos XG Firewall enterprise application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Base URL | Enter the base URL of the Sophos firewall. Example: "https://cyware.com" | Text | Required | |
Username | Enter the username. Example: "sample username" | Text | Required | |
Password | Enter the password. Example: "sample password" | Password | Required | |
Action: Add FQDN Hosts
This action adds FQDN hosts.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Name | Enter the FQDN host name. Example: "mymail" | Text | Required | |
FQDN | Enter the FQDN. Example: "sample fqdn.com" | Text | Required | |
Group Name | Enter the list of groups to add to the FQDN rule. Example: ["sample host group 1","sample host group 2"] | List | Optional | |
Example Request
[ { "name": "mymail", "fqdn": "sample fqdn.com", "host_group": [ "sample host group 1", "sample host group 2" ] } ]
Action: Add Host
This action adds an IP host.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Rule Name | Enter the rule name. Example: "sample rule name" | Text | Required | |
Host List | Enter the list of hosts as a list of IP addresses that you want to add to the host. Example: ["1.1.1.1", "2.2.2.2"]. | List | Required | |
Host Group | Enter the host group to add the IP addresses to the group. Example: "sample host group" | Text | Required | |
Example Request
[ { "rule_name": "sample rule name", "host_group": "sample host group", "host_list": [ "1.1.1.1", "2.2.2.2" ] } ]
Action: Add FQDN Host to FQDN Host Group
This action adds a FQDN Host to a FQDN Host Group.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
FQDN Host Group name | Enter the FQDN host group name. Example: "Cluster_prod" | Text | Required | |
Description | Enter the description. Example: "Monitor the Clusters" | Text | Required | |
FQDN host name | Enter the FQDN host name. Example: "mymail" | Text | Required | |
Example Request
[ { "fqdn_host_group_name": "Cluster_prod", "description": "Monitor the Clusters", "fqdn_host_name": "mymail" } ]
Action: Add a Security Policy
This action adds a security policy (firewall rules).
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Rule Name | Enter the security rule name. Example: "Domain Security policy" | Text | Required | |
Rule Position | Enter the rule position. Example: "top" | Text | Required | Allowed values:
|
Description | Enter the description of the security policy. Example: "Security policy for the Domain" | Text | Optional | |
Rule Status | Enter the status of the rule. Example: "Enable" | Text | Optional | Allowed values:
Default value: |
Source Network | Enter the source network of the client request. Example: "Any" | Text | Optional | Allowed values:
|
Services | Enter the service. Example: "LDAP" | Text | Optional | Allowed values:
|
Destination Zone | Enter the destination zone. Example: "Any" | Text | Optional | Allowed values:
|
Destination Network | Enter the destination network. Example: "Any" | Text | Optional | Allowed values:
|
Example Request
[ { "rule_name": "Domain Security policy", "rule_position": "top", "description": "Security policy for the Domain", "status": "Enable", "source_network": "Any", "services": "LDAP", "destination_zone": "Any", "destination_network": "Any" } ]
Action: Block an IP
This action blocks an IP address on a firewall.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
IP | Enter the IP address that you want to block. Example: "192.168.1.1" | Text | Required | |
Example Request
[ { "ip": "192.168.1.1" } ]
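The following is an added example, not part of the Sophos or Orchestrate documentation: a pre-submission check that builds the Block an IP and Add Host request bodies shown above only from addresses that parse correctly and are neither special-purpose nor protected. The function names and the PROTECTED_NETWORKS list are assumptions made for illustration.

```python
import ipaddress

# Constructed allowlist (assumption): networks an automated playbook must never block.
PROTECTED_NETWORKS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.0.2.0/28")]


def check_ip(value):
    """Return (ip, None) if value is acceptable, else (None, reason)."""
    try:
        ip = ipaddress.ip_address(value.strip())
    except (ValueError, AttributeError):
        return None, f"{value!r}: not an IP address"
    if ip.is_loopback or ip.is_unspecified or ip.is_multicast or ip.is_link_local:
        return None, f"{ip}: special-purpose address"
    for net in PROTECTED_NETWORKS:
        if ip.version == net.version and ip in net:
            return None, f"{ip}: inside protected network {net}"
    return ip, None


def build_block_ip_request(value):
    """Build the 'Block an IP' request body, or raise ValueError."""
    ip, reason = check_ip(value)
    if reason:
        raise ValueError(reason)
    return [{"ip": str(ip)}]


def build_add_host_request(rule_name, host_group, candidates):
    """Build the 'Add Host' request body from vetted, de-duplicated addresses."""
    accepted, rejected = [], []
    for value in candidates:
        ip, reason = check_ip(value)
        if reason:
            rejected.append(reason)
        elif str(ip) not in accepted:
            accepted.append(str(ip))
    if not accepted:
        raise ValueError("no valid hosts: " + "; ".join(rejected))
    body = [{"rule_name": rule_name, "host_group": host_group, "host_list": accepted}]
    return body, rejected


if __name__ == "__main__":
    # Constructed indicator list, as it might arrive from an alert.
    body, rejected = build_add_host_request(
        "sample rule name", "sample host group",
        ["1.1.1.1", " 2.2.2.2", "1.1.1.1", "10.1.2.3", "127.0.0.1", "not-an-ip"])
    print(body, rejected)
```

The rejected list gives the playbook a reason for each address it declined to send, which can be logged alongside the action result.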
Action: Delete FQDN Host
This action deletes a FQDN host.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Name | Enter the FQDN host rule name that you want to delete. Example: "Domain Security Policy" | Text | Required | |
Example Request
[ { "name": "Domain Security Policy" } ]
Action: Delete Hosts
This action deletes hosts from a Host Group.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Rule name | Enter the rule name. Example: "Domain Security Policy" | Text | Required | |
Example Request
[ { "rule_name": "Domain Security Policy" } ]
Action: Delete a Security Policy
This action deletes a security policy.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Rule Name | Enter the rule name. Example: "Domain Security Policy" | Text | Required | |
Example Request
[ { "rule_name": "Domain Security Policy" } ]
Action: Get Hosts
This action retrieves all the saved FQDN hosts.
Action Input Parameters
This action does not require any input parameter.
Action: Get Sandbox Policies
This action retrieves the sandbox policies.
Action Input Parameters
This action does not require any input parameter.
Action: Get Security Policies
This action retrieves the security policies (firewall rules).
Action Input Parameters
This action does not require any input parameter.
Action: Get Web Filter Policy
This action retrieves the web filter policy.
Action Input Parameters
This action does not require any input parameter.
Action: Get FQDN Hosts
This action retrieves the FQDN hosts.
Action Input Parameters
This action does not require any input parameter.