Sophos Endpoint API: How to Create API Credentials to Call the API on Sophos Central (Part 1)

1. Overview

Sophos Central’s Public API program makes it easy for you to automate your monitoring, security and administration activities in Sophos Central. You can do many of the things that you normally would do in Sophos Central Admin or Sophos Central Partner.

This article shows how to create API credentials under API Credentials Management in Sophos Central, and covers the requirements on the endpoint, so that you can make API calls to get information such as the devices, events, and policies available in your Central account.

2. Instructions

Step 1: Create API Credentials Management on Sophos Central.

API Credentials are a set of credentials that can be used to authenticate and call APIs.

Log in to Sophos Central > Global Settings > Administration > API Credentials Management.

Note: You must log in with the Super Admin role.

At the Credentials tab, click Add Credentials.

In Add Credentials:

  • Credentials Name: Enter the name you want.
  • Roles: Select Service Principal Super Admin (users with this role can perform all API operations with full CRUD (Create, Read, Update, Delete) capabilities and have access to queries).
  • Click Add.

Copy the Client ID and Client Secret and paste them into a note. You can only see the Client Secret once.

Step 2: Requirements on the endpoint before calling the API

The API calls in this guide are made from Python code, so on the endpoint used to run them you need to install Python in order to run that code from CMD. By default, CMD does not recognize the command to run Python code.

Go to: https://www.python.org/downloads/releases/python-3107/

Download and install Python 3.10.7 or later for Windows.

Once installed, check the installed Python version by opening CMD and typing the command: python -V

In addition, to make it easier to check the output after running the API calls, install a code editor such as Visual Studio Code.

Go to: https://code.visualstudio.com/download

Download and install.

Step 3: Get the parameters needed to call the Endpoint API.

You can visit the link to get the Python code files used in the steps below.

Link: https://drive.google.com/drive/u/0/folders/1jAVanOogWjC4bQuCVebrZqW0jeGAfMV_

The information required to be able to run Endpoint API calls includes:

  • Access Token
  • Tenant ID
  • Data Region

Where:

  • Tenant: A tenant is a collection of “resources” owned by an organization.
  • Data Region: The regional API host in the data geography where the tenant data is located.
  • Access Token: A sequence of characters and numbers used to authenticate when you make API calls with the Tenant ID.

Step 3.1: Create the API_CREDENTIAL file

Open Visual Studio Code, create a file named “API_CREDENTIAL.json”, and save it with the .json file extension.

Next, enter the Client ID and Client Secret parameters obtained in “Step 1” as shown below.

I have customized a Python code file to get the Access Token, Tenant ID and Data Region at the same time, based on the Client ID and Client Secret parameters you provided. You don’t need to edit this file; just open CMD and run it.

The Python code, saved with the name “GET_INFO.py”, has the form shown below:

Step 3.2: Run “GET_INFO.py” in CMD

Note: You need to save the files “API_CREDENTIAL.json” and “GET_INFO.py” in the same folder.

Next, open CMD on the endpoint and go to the folder containing “GET_INFO.py” as follows.

Example: The file is saved at “Desktop/API/GET_INFO.py”.

Run the command “cd Desktop/API” to go to the API directory containing the GET_INFO.py file.

Run the command “python GET_INFO.py” and press Enter to retrieve the information.

As a result, a file named “GET_INFO.json” appears in the API folder.

Step 3.3: Check output information.

Open the file GET_INFO.json with Visual Studio Code. To check the results easily, right-click and select “Format Document” to reformat the contents across multiple lines.

The result contains the Access Token, Tenant ID and Data Region for your Sophos Central.
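The flow that Steps 3.1 to 3.3 describe, as an added example (this is not the author's GET_INFO.py, which is distributed through the link above): it exchanges the Client ID and Client Secret for an access token at the Sophos OAuth2 token endpoint, then asks the whoami endpoint for the Tenant ID and Data Region. The `client_id` and `client_secret` key names in API_CREDENTIAL.json and the field names written to GET_INFO.json are assumptions.

```python
import json
import urllib.parse
import urllib.request

TOKEN_URL = "https://id.sophos.com/api/v2/oauth2/token"
WHOAMI_URL = "https://api.central.sophos.com/whoami/v1"

def token_request(creds):
    """Build the OAuth2 client-credentials request for the Sophos ID service."""
    form = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": creds["client_id"],          # assumed key name in the JSON file
        "client_secret": creds["client_secret"],  # assumed key name in the JSON file
        "scope": "token",
    }).encode()
    return urllib.request.Request(TOKEN_URL, data=form, method="POST")

def whoami_request(access_token):
    """Build the whoami request that identifies the caller behind the token."""
    return urllib.request.Request(
        WHOAMI_URL, headers={"Authorization": f"Bearer {access_token}"})

def extract_info(token_resp, whoami_resp):
    """Reduce both responses to the values later Endpoint API calls need."""
    if whoami_resp.get("idType") != "tenant":
        # Partner or organization credentials need a tenant lookup first.
        raise ValueError(f"expected a tenant credential, got {whoami_resp.get('idType')!r}")
    return {
        "access_token": token_resp["access_token"],
        "expires_in": token_resp.get("expires_in"),  # token lifetime in seconds
        "tenant_id": whoami_resp["id"],
        "data_region": whoami_resp["apiHosts"]["dataRegion"],
    }

def call(request):
    """Send a request and decode the JSON body; HTTP errors raise URLError."""
    with urllib.request.urlopen(request, timeout=30) as resp:
        return json.load(resp)

if __name__ == "__main__":
    with open("API_CREDENTIAL.json", encoding="utf-8") as fh:
        creds = json.load(fh)
    token_resp = call(token_request(creds))
    whoami_resp = call(whoami_request(token_resp["access_token"]))
    # The output holds a live bearer token; protect it like the Client Secret.
    with open("GET_INFO.json", "w", encoding="utf-8") as fh:
        json.dump(extract_info(token_resp, whoami_resp), fh, indent=2)
```

Both API_CREDENTIAL.json and GET_INFO.json hold secrets in plaintext, so keep the folder out of shared locations and source control.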
