This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Tamper Protection in Sophos Cloud Console

Dear Sir/Madam,

i was wondering if there is a report that can be ran in the sophos console to find out when the tamper protection was disabled and who by.

If someone could point me in the right direction i would be very grateful.

Thanks

Darren

This thread was automatically locked due to age.

Parents

Jiri Hadamek over 7 years ago

Hi all,

what I need is LOG(CSV,PDF,XLS) where is clearly seen current status of tamper protection. Could you help me with this?
Cancel
Vote Up 0 Vote Down

Cancel
Scott Graham over 6 years ago in reply to Jiri Hadamek

Did you ever get an answer/solution for this? I am trying to do the same thing.
Cancel
Vote Up 0 Vote Down

Cancel
jak over 6 years ago in reply to Scott Graham

From looking at the API responses that feed the list views and reports in the UI of Central, it doesn't seem that the information is available in one go. It would be possible but it's not as trivial as it appears at first glance.

The JSON looks like it contains the information required from the API response from:
https://dzr-api-amzn-eu-west-1-9af7.api-upe.p.hmr.sophos.com/api/user-devices?endpoint_type=computer&get_health_status=true&limit=50&offset=0

But sadly the values aren't populated from this API query.

The only API that returns the information is the one that feeds the individual device page, i.e.

https://dzr-api-amzn-eu-west-1-9af7.api-upe.p.hmr.sophos.com/api/user-devices/59e31ffa-1702-7434-0b2c-4692e015dcca?get_health_status=true

It would be quite easy to query the APIs from a scripting language such as Powershell but to get the TP info you'd need to get a list of machine ids from one API and then make a query to another for each device to get the tamper details. Not impossible but could be a lot of queries if you have a lot of devices.

Regards,
Jak
Cancel
Vote Up 0 Vote Down

Cancel

Reply

jak over 6 years ago in reply to Scott Graham

From looking at the API responses that feed the list views and reports in the UI of Central, it doesn't seem that the information is available in one go. It would be possible but it's not as trivial as it appears at first glance.

The JSON looks like it contains the information required from the API response from:
https://dzr-api-amzn-eu-west-1-9af7.api-upe.p.hmr.sophos.com/api/user-devices?endpoint_type=computer&get_health_status=true&limit=50&offset=0

But sadly the values aren't populated from this API query.

The only API that returns the information is the one that feeds the individual device page, i.e.

https://dzr-api-amzn-eu-west-1-9af7.api-upe.p.hmr.sophos.com/api/user-devices/59e31ffa-1702-7434-0b2c-4692e015dcca?get_health_status=true

It would be quite easy to query the APIs from a scripting language such as Powershell but to get the TP info you'd need to get a list of machine ids from one API and then make a query to another for each device to get the tamper details. Not impossible but could be a lot of queries if you have a lot of devices.

Regards,
Jak
Cancel
Vote Up 0 Vote Down

Cancel

Children

Jiri Hadamek over 6 years ago in reply to jak

I cite:

" It would be possible but it's not as trivial as it appears at first glance."

"It would be quite easy to query the APIs from a scripting language such as Powershell but to get the TP info you'd need to get a list of machine ids from one API and then make a query to another for each device to get the tamper details. Not impossible but could be a lot of queries if you have a lot of devices"

I think that you are joking.

This isn´t answer for "would be an enterprise solution". I think, that your developers have to solve this task during several hours with information that you have written here. It is impossible for Sophos? Why?
Cancel
Vote Up 0 Vote Down

Cancel