Sophos Intercept X
App Vendor: Sophos Intercept X
App Category: Endpoint
Connector Version: 1.0.1
API Version: 1.0.0
About App
This app allows administrators to manage endpoints through Sophos Intercept X: list endpoint details, work with tamper protection, run scans, and block files.
The Sophos Intercept X connector app is configured with the CSOL application to perform the following actions:
Action Name | Description |
---|---|
Block File Item | This action is used to block a file item on Sophos Intercept X |
Enable Tamper Protection | This action is used to enable or disable tamper protection on an endpoint |
Get Endpoint Details | This action is used to get details about an endpoint |
Isolate Enpoint | This action is used to either isolate an endpoint or remove it from isolation |
List All Endpoints | This action is used to list all the endpoints from Sophos |
Scan Endpoint | This action is used to initiate an endpoint scan |
Configuration Parameters
The following configuration parameters are required for the Sophos Intercept X connector app to communicate with the Sophos Intercept X enterprise application. The parameters can be configured by creating instances in the connector app.
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Base URL | Enter the base URL to connect to, e.g. https://api-{dataregion}.central.sophos.com | Text | Required | |
Client ID | Enter the client ID to authenticate with | Text | Required | |
Client Secret | Enter the client secret to authenticate with | Password | Required | |
Tenant ID | Enter the tenant ID of the instance | Text | Required | |
Action: Block File Item
This action is used to block a file item on Sophos Intercept X
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Sha 256 | SHA-256 hash to block on Sophos | Text | Required | |
Comment | Enter a comment describing why this item is being blocked | Text | Required | |
Action: Enable Tamper Protection
This action is used to enable or disable tamper protection on an endpoint
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Endpoint id | Enter the endpoint to enable or disable tamper protection on | Text | Required | |
Enable | Whether tamper protection should be turned on for the endpoint | Boolean | Required | |
Regenerate password | Whether a new tamper protection password should be generated | Boolean | Optional | |
Action: Get Endpoint Details
This action is used to get details about an endpoint
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Endpoint id | Enter the endpoint ID to get details about | Text | Required | |
Field list | The list of fields to return in a partial response. The following values are allowed: basic, summary, full | List | Optional | |
View | Type of view to be returned in the response. The following values are allowed: basic, summary, full | Text | Optional | |
Action: Isolate Enpoint
This action is used to either isolate an endpoint or remove it from isolation
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Isolation status | Whether the endpoints should be isolated or not | Boolean | Required | |
Id list | List of endpoint IDs to act on. Must contain at most 50 items | List | Required | |
Comment | Comment to add to the action | Text | Optional | |
Action: List All Endpoints
This action is used to list all the endpoints from Sophos
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Page size | Enter the page size to limit responses to | Integer | Optional | |
Sort | Defines how to sort the data. The value matches the regex `(^[^:]+$)\|(^[^:]+:(asc\|desc)$)` | Text | Optional | |
Health status | Find endpoints by health status. The following values are allowed: bad, good, suspicious, unknown | Text | Optional | |
Endpoint type | Find endpoints by type. The following values are allowed: computer, server, securityvm | Text | Optional | |
Id list | Enter a list of IDs to filter responses by | List | Optional | |
Host name contains | Find endpoints where the hostname contains the given string | Text | Optional | |
Action: Scan Endpoint
This action is used to initiate an endpoint scan
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Endpoint id | Enter the endpoint to scan | Text | Required | |
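
A pre-flight check for the action inputs in the tables above, as an added example that is not part of the connector or of Sophos code: it applies the page's stated constraints (the Sort regex, the allowed Health status and Endpoint type values, the 50-item limit on Id list) before a playbook calls the actions. The function names, the assumption that Sha 256 is a hex-encoded digest, and the sample values are assumptions made for this example.

```python
import re

# Constraints taken from the parameter tables on this page.
SORT_RE = re.compile(r"(^[^:]+$)|(^[^:]+:(asc|desc)$)")
SHA256_RE = re.compile(r"[0-9a-fA-F]{64}")  # assumption: hex-encoded digest
HEALTH_STATUS = {"bad", "good", "suspicious", "unknown"}
ENDPOINT_TYPE = {"computer", "server", "securityvm"}
MAX_ISOLATE_IDS = 50


def check_block_file(sha256, comment):
    """Block File Item: Sha 256 and Comment are both Required."""
    errors = []
    if not SHA256_RE.fullmatch(sha256 or ""):
        errors.append("Sha 256 must be 64 hex characters")
    if not (comment or "").strip():
        errors.append("Comment is required")
    return errors


def check_list_filters(sort=None, health_status=None, endpoint_type=None):
    """List All Endpoints: all filters are Optional, so None passes."""
    errors = []
    if sort is not None and not SORT_RE.fullmatch(sort):
        errors.append("Sort must be 'field' or 'field:asc' / 'field:desc'")
    if health_status is not None and health_status not in HEALTH_STATUS:
        errors.append("Health status not in " + ", ".join(sorted(HEALTH_STATUS)))
    if endpoint_type is not None and endpoint_type not in ENDPOINT_TYPE:
        errors.append("Endpoint type not in " + ", ".join(sorted(ENDPOINT_TYPE)))
    return errors


def isolation_batches(id_list):
    """Isolate Enpoint: de-duplicate the Id list, then split it into
    groups of at most 50 items, one group per action call."""
    cleaned = (i.strip() for i in id_list if i and i.strip())
    unique = list(dict.fromkeys(cleaned))  # keeps first-seen order
    return [unique[n:n + MAX_ISOLATE_IDS]
            for n in range(0, len(unique), MAX_ISOLATE_IDS)]


if __name__ == "__main__":
    # Constructed sample inputs, not real endpoint ids or file hashes.
    print(check_block_file("ab" * 32, "constructed example comment"))
    print(check_list_filters(sort="hostname:up", health_status="bad"))
    ids = ["endpoint-%03d" % n for n in range(120)] + ["endpoint-000", " "]
    print([len(b) for b in isolation_batches(ids)])
```

Splitting a large isolation request into groups means an incident-response playbook does not fail on the 50-item limit partway through containment.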