Sophos delivers a broad portfolio of advanced products and services to secure users, networks and endpoints against ransomware, malware, exploits, phishing and the wide range of other cyberattacks. Sophos provides a single integrated cloud-based management console, Sophos Central – the centerpiece of an adaptive cybersecurity ecosystem that features a centralized data lake that leverages a rich set of open APIs available to customers, partners, developers, and other cybersecurity vendors. Sophos sells its products and services through reseller partners and managed service providers (MSPs) worldwide.
Sophos Central Endpoint Detection
With the Sophos Central Endpoint Detection integration, customers can interact with endpoints, alerts, exclusions and blocklist items in the Sophos Central platform.
The following actions are available:
- List Alerts - Get alerts matching criteria in query parameters.
- Get Alert - Get an alert based on its alert id.
- Get Endpoint - Retrieve an endpoint based on ID.
- List Endpoints - Retrieve all the endpoints for the specified tenant.
- List Allowed Items - Retrieve all allowed items.
- Update Allowed Item - Update an allowed item.
- List Blocked Items - Retrieve all blocked items.
- Delete Blocked Item - Delete the specified blocked item.
- Get Scan Exclusion - Retrieve a single isolation exclusion by ID.
- List Scan Exclusion - Return all scan exclusions and their details by type.
- List Isolation Exclusions - Return a list of isolation exclusions.
- Update Isolation Status - Update an isolation exclusion's details by ID.
These apps can be found in the ThreatConnect App Catalog under the names: Sophos Central Endpoint Detection(Playbook), Sophos Central Endpoint Detection(TriggerService), and Sophos Central Alerting(TriggerService).
Built By ThreatConnect