Sophos Endpoint API: How to create and update a policy on Sophos Central using the API (Part 3)

1. Overview

After using the GET function to get information about the Endpoint, I will guide you through using the POST / PATCH functions to create a policy and update changes in a policy applied to an Endpoint.

You can also read the previous two articles at the link below and learn more about POST/PATCH functions in part 2.

Link to article part 1: https://techbast.com/2022/10/sophos-endpoint-api-how-to-create-api-credentials-management-to-call-api-on-sophos-central-part-1.html

Link to article part 2: https://techbast.com/2022/10/sophos-endpoint-api-how-to-get-information-about-endpoint-on-sophos-central-using-api-part-2.html

2. Instructions

Step 1: Create a policy with the POST function.

Use the following link to get the Python code files used in the steps below:

Link: https://drive.google.com/drive/u/0/folders/1jAVanOogWjC4bQuCVebrZqW0jeGAfMV_

Example: Create an “Application-control” policy using the POST function with the path “endpoint/v1/policies” to block the application “Putty”.

I have customized a Python file named “ADD_POLICY.py” to create this policy automatically. Note the following elements in the file:

  • Path: endpoint/v1/policies
  • appliesTo: Applies the policy to the endpoint with this ID. You can get the ID from the GET LIST ENDPOINT output in step 4.
  • Application: Putty
  • “endpoint.application-control.detection.on-access.enabled”: { “value”: True }: Block this application when it is in use.
  • requests.post: Use the POST function to create a policy with the above settings.

Next, open CMD and run the file “ADD_POLICY.py” as instructed in step 4.

Result: Running the file outputs a file named “ADD_POLICY.json”. Open this file with Visual Studio Code.

Go to Sophos Central to check that the policy “Block Putty” has been created.

The endpoint that the policy is applied to is named “VM10John”.

Switch to the Settings tab. The settings are correct as configured in the Python file.

Step 2: Update policy with PATCH function.

You can update a policy using the PATCH function with the path “endpoint/v1/policies/{policyId}”.

To update a policy, you need the ID of the policy whose settings you want to change.

For example: Policy “Block Putty” has ID as shown below. You can GET this ID information with the GET LIST POLICY function in article part 2.

You will need to change some elements in the file “ADD_POLICY.py” as follows:

  • Path: Add the ID of the policy that needs to be configured: “/endpoint/v1/policies/18fd6931-e7a6-4e9a-9f0b-a9bb9f6a2d8e”
  • “endpoint.application-control.detection.on-access.enabled”: { “value”: False }: Disable this feature in the policy.
  • requests.patch: Run the request with the PATCH function to update the policy.

After changing the configuration, save the file, then run the Python file again.

Check the results on Sophos Central with the policy “Block Putty”. Settings have been updated.
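The two requests from steps 1 and 2, as an added sketch that is not the article's ADD_POLICY.py: it builds the POST and PATCH requests with Python's standard library, reads credentials from the environment instead of the script, and rejects a policy ID that is not a UUID before it reaches the URL path. The base URL, the X-Tenant-ID header, the name/type/appliesTo.endpoints body fields, the environment variable names and the partial PATCH body are assumptions; the setting that selects Putty is not shown on the page and is left out.

```python
import json
import os
import urllib.request
import uuid

# Assumed regional API host; the real value comes from the whoami call (part 1).
BASE_URL = os.environ.get("SOPHOS_API_BASE", "https://api-REGION.central.sophos.com")
ON_ACCESS = "endpoint.application-control.detection.on-access.enabled"  # key from the article


def _request(method, path, body, token, tenant_id):
    """Build (not send) an authenticated JSON request."""
    headers = {
        "Authorization": f"Bearer {token}",
        "X-Tenant-ID": tenant_id,  # assumed header name
        "Content-Type": "application/json",
    }
    data = json.dumps(body).encode("utf-8")
    return urllib.request.Request(BASE_URL + path, data=data, headers=headers, method=method)


def build_create_policy(name, endpoint_ids, token, tenant_id):
    """POST endpoint/v1/policies: new application-control policy, detection on."""
    body = {
        "name": name,                   # assumed field
        "type": "application-control",  # assumed field
        "appliesTo": {"endpoints": [str(uuid.UUID(e)) for e in endpoint_ids]},
        "settings": {ON_ACCESS: {"value": True}},
    }
    return _request("POST", "/endpoint/v1/policies", body, token, tenant_id)


def build_update_policy(policy_id, enabled, token, tenant_id):
    """PATCH endpoint/v1/policies/{policyId}: send only the changed setting."""
    # Reject anything that is not a UUID so the ID cannot alter the URL path.
    pid = str(uuid.UUID(policy_id))
    body = {"settings": {ON_ACCESS: {"value": bool(enabled)}}}
    return _request("PATCH", f"/endpoint/v1/policies/{pid}", body, token, tenant_id)


if __name__ == "__main__":
    # Credentials come from the environment, never from the script itself.
    token = os.environ["SOPHOS_TOKEN"]
    tenant = os.environ["SOPHOS_TENANT_ID"]
    req = build_update_policy("18fd6931-e7a6-4e9a-9f0b-a9bb9f6a2d8e", False, token, tenant)
    with urllib.request.urlopen(req, timeout=30) as resp:
        print(resp.status, json.load(resp))
```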
