Let Oomnitza be your single source of truth!
You'll get visibility of your devices as data from Sophos Endpoint Security is automatically transformed into consumable information and actionable insights.
Manage endpoints in Sophos
Oomnitza supports bi-directional APIs to manage configuration and other changes to devices in Sophos.
Connect Oomnitza and Sophos in minutes
Get the information and insights that you need to reduce costs and the time that you spend on administration tasks such as:
- Configurable dashboards and list views of key asset and user information
- Configurable reports to share information about your assets and software with your colleagues and management
- Configurable workflows that you can create for:
  - Isolating endpoints and removing endpoints from isolation
  - Enabling tamper protection and removing tamper protection for an endpoint
  - Deleting endpoints
Tip
You can also configure a link in Oomnitza to view an asset in Sophos Central. See Open an asset in Sophos Central.
Learn more about Sophos
Before you start
Before you can create the integration with Oomnitza, you need to have added your Sophos Endpoint Security credentials and global variables to Oomnitza.
Integrate Sophos Endpoint Security with Oomnitza
- In Oomnitza, click Configuration > Integrations > Overview.
- Click Block view.
- Scroll down to the Extended section for asset integrations.
- Click NEW INTEGRATION.
- Select the integration in the sidebar.
- Click ADD.
Integration details overview
More information is provided about the following fields to help you complete the integration:
Installation type
Select Cloud if you want to store credentials in the Oomnitza cloud.
Select Local if you want to store credentials locally. Local extended integrations do not support AWS and OAuth authentication. If you want to sync Oomnitza with vendor applications that require AWS or OAuth authentication, select Cloud.
Integration preferences
By default, the Create & Update option is selected. Select this option when you want to edit records and add new records. If you want to edit records and not add new records, select Update Only. If you only want to add new records, select Create Only.
Integration details
To review or update the integration details, click Edit.
- Update the integration name if necessary.
- Select an installation type.
- For integration preferences, select an option.
- Enter the name of the integration user.
Credential details
If you selected Cloud as the installation type, choose one of the following options:
- Select the credentials that were created for the integration.
- Edit the credentials that were created for the integration.
- Create new credentials
Schedule
By default, data is streamed to Oomnitza once every day.
You can configure the schedule to meet your needs such as changing the interval or changing the time so that the data is streamed when your system isn't busy.
- Click Edit.
- Configure your schedule.
- Click Update.
Mappings
To map the fields to Oomnitza, click Edit.
You can define rules for your integration by selecting Edit integration on the mapping page. For example, you may only want to run the integration if a certain contact or region exists. See Filtering integration results.
You can add new fields to your integration by selecting Add new field on the mapping page. All you need to do is specify the property name. See Creating custom API fields.
Creating custom mappings
Map the Sophos Endpoint Security fields to the Oomnitza fields and create custom mappings to get the information that you need to manage your assets.
See Mapping
Sophos Endpoint Security fields that are mapped to Oomnitza
Asset ID
Asset Type
Build Number
Connector Sync Time
Health Overall
Hostname
Is Server
Is Tamper Protection Enabled
Last Seen At
OS Major Version
OS Minor Version
OS Name
Platform
Services Status
Tenant ID
Threats Status
User's ID
User's Name
Launching the integration
Your integration is in Draft mode until the required mandatory fields are added. When added, click Launch to activate your integration.
If you selected Cloud as the installation type when creating the integration, see Running an extended integration.
If you selected Local as the installation type when creating the integration, see Running an extended integration locally.
Viewing data ingested by Oomnitza
Viewing ingested asset data
For asset integrations, click Hardware. If the asset integration also ingests software data, click Software.
Viewing ingested user data
For user integrations, click People. If you chose the option to ingest User and SaaS user data, click Software > SaaS, click the SaaS app, and then click the Users tab.
Related Links
Open asset in Sophos Central
Once your assets are pulled into Oomnitza, you can link each Sophos record to the Sophos Central website.
- Click Assets and select a Sophos asset.
- Click the Actions menu.
- Click Screen Builder.
- Click Add Link.
- Enter the name of the label such as Link to Sophos Central.
- Enter this URL:
  https://central.sophos.com/manage/devices/computers/{{sophos_asset_id}}/summary
- Click SAVE.
See Linking records to external websites
Use presets to create workflows
Reduce costs and save time by creating workflows with the following Oomnitza presets to automate administration and management tasks:
- Sophos Delete Endpoint
- Sophos Isolate Endpoint
- Sophos Remove Endpoint from Isolation
- Sophos Enable Tamper Protection for Endpoint
- Sophos Remove Tamper Protection from Endpoint
Sophos Delete Endpoint
You can create a workflow that uses Sophos Delete Endpoint to delete an endpoint in Sophos. For example, you can use this preset to create workflows when an asset is flagged as lost, stolen, or destroyed. For this preset, the data region and tenant ID as defined in Global Settings are referenced, as is the sophos_asset_id field, which is mapped to the Asset ID field in Oomnitza.
See Sophos Endpoint API - Delete Endpoints
See Add workflows using the API block
Sophos Isolate Endpoint
You can create a workflow that uses Sophos Isolate Endpoint to trigger the isolation of an endpoint in Sophos. For this preset, the data region and tenant ID as defined in Global Settings are referenced, as is the sophos_asset_id field, which is mapped to the Asset ID field in Oomnitza.
See Add workflows using the API block
Sophos Remove Endpoint from Isolation
You can create a workflow that uses Sophos Remove Endpoint from Isolation to trigger the removal of an endpoint from isolation. In effect, this preset reverses the isolation of an endpoint and uses the same settings as Sophos Isolate Endpoint.
See Add workflows using the API block
Sophos Enable Tamper Protection for Endpoint
You can create a workflow that uses Sophos Enable Tamper Protection for Endpoint to enable tamper protection on a specified endpoint and require a new password to be generated. In effect, this preset reverses the removal of tamper protection from an endpoint and uses the same settings as Sophos Remove Tamper Protection from Endpoint.
See Add workflows using the API block
Sophos Remove Tamper Protection from Endpoint
You can create a workflow that uses Sophos Remove Tamper Protection from Endpoint to trigger the removal of tamper protection from an endpoint so that a local admin user can uninstall the Sophos software. For this preset, the data region and tenant ID as defined in Global Settings are referenced, as is the sophos_asset_id field, which is mapped to the Asset ID field in Oomnitza.
See Add workflows using the API block
Add workflows using the API block
Complete these actions:
Add a workflow
- Click Configuration > Workflows.
- Click Add (+) and select Assets from the list.
- Enter the name and description of the workflow, and click Add new. A Begin and an End block are added to the sandbox.
Edit the Begin block
- On the Begin block, click Edit.
- Click ADD RULE to define the rules that will trigger the workflow.
- Click SAVE.
Choose a workflow action
- Drag and drop the API block onto the sandbox.
- On the API block, click Edit.
- To choose a workflow action, enter Sophos in the search field.
- Choose one of the following workflow actions:
  - Sophos Delete Endpoint
  - Sophos Enable Tamper Protection for Endpoint
  - Sophos Isolate Endpoint
  - Sophos Remove Endpoint from Isolation
  - Sophos Remove Tamper Protection from Endpoint
- Click the right arrow (>), and select the credentials that you added to Oomnitza.
- Click SAVE.
Before you validate and save your workflow, you must connect the Begin, API, and End blocks.
Reference articles for workflows
Unleash the power of Oomnitza
To get valuable actionable insights that help you manage your assets, learn how to:
- Configure dashboards for your assets and software
- Configure custom reports about your assets and software
See Getting started.