Let Oomnitza be your single source of truth!
You'll get visibility of your devices as data from Sophos Endpoint Security is automatically transformed into consumable information and actionable insights.
Manage endpoints in Sophos
Oomnitza supports bi-directional APIs to manage configuration and other changes to devices in Sophos.
Connect Oomnitza and Sophos in minutes
Get the information and insights that you need to reduce costs and the time that you spend on administration tasks such as:
- Configurable dashboards and list views of key asset and user information
- Configurable reports to share information about your assets and software with your colleagues and management
- Configurable workflows that you can create such as:
- Workflows for isolating endpoints and removing endpoints from isolation
- Workflows for enabling tamper protection and removing tamper protection for an endpoint
- Workflows for deleting endpoints
- Workflows for deactivating and deleting users
Tip
You can also configure a link in Oomnitza to view an asset in Sophos Central. See Open an asset in Sophos Central.
Learn more about Sophos
Before you start
Check out the following links before you get started with your integration.
Useful links
Setting up Oomnitza extended connectors
Getting started as a Sophos tenant
To integrate Sophos Endpoint Manager with Oomnitza, you need to know;
- Your tenant ID
- Your data region
Procedure
- Log into Oomnitza.
- From the menu, click Settings.
- Click Global Settings.
- Click Add new variable (+).
- Add the following two variables and their values:
- Sophos.DataRegion
- Sophos.TenantId
- Save your changes.
Add credentials to the vault in Oomnitza
To stream Sophos Endpoint Security data into Oomnitza, you must create and then add 0Auth 2.0 credentials to the Oomnitza vault.
Learn how to create 0Auth 2.0 credentials for Sophos. You must have Super Admin privileges in Sophos to create the credentials.
Procedure
- Log into Oomnitza.
- Click Settings > Credentials, and then click Add new credential (+).
- In the INFORMATION tab, add a name for the connection and choose an owner. The owner must have been added to the People page in Oomnitza.
- In the AUTHORIZATION tab, complete these actions:
- Select 0Auth 2.0 as the authorization protocol.
- Select Sophos Endpoint SecuritySophos OAuth 2.0 as the SaaS.
- Enter your client ID and secret.
- Authenticate and click Save.
See Oomnitza vault
Next step
You use the credentials that you added to create and customize your Sophos Endpoint Security integration with Oomnitza.
Integrate Sophos Endpoint Security with Oomnitza
Info and connect details
- From the menu, click Settings.
- On the Integrations page, scroll down to the Extended section for Assets.
- Click NEW INTEGRATION.
- In the New Asset Integration sidebar, click Sophos Endpoint Security.
- In the Sophos Endpoint Security section, click APPLY next to Sophos Asset Load
and then click NEXT twice.
On the Connect page, complete these steps:
- Enter a descriptive name for the integration such as Sophos Endpoint Security. That'll be the name of the integration that is shown on the Integrations page.
- Select User only as the user selection.
- Select Cloud as the installation type.
- Skip the Credentials field.
- As integration user, select the user that you added to the Oomnitza vault.
- Enter your tenant ID.
- Enter your data region. For example, if the URL for your data region is https://api- us03 .central.sophos.com . You enter us03 as the data region.
- Click Next.
Mappings
Map the Sophos Endpoint Security fields to the Oomnitza fields and create custom mappings to get the information that you need to manage your assets.
See Mapping
Sophos Endpoint Security fields that are mapped to Oomnitza
Asset ID
Asset Type
Build Number
Connector Sync Time
Health Overall
Hostname
Is Server
Is Tamper Protection Enabled
Last Seen At
OS Major Version
OS Minor Version
OS Name
Platform
Services Status
Tenant ID
Threats Status
User's ID
User's Name
Custom mappings
Need to map more fields to Oomnitza? Contact Oomnitza Support.
When you've completed mapping the fields, click NEXT.
Schedule
By default, data is streamed to Oomnitza once every day.
You can configure the schedule to meet your needs such as changing the interval or changing the time so that the data is streamed when your system isn't busy.
- Configure your schedule.
- Click FINISH.
Result
A new tile is created for the integration on the Integrations page.
What to do next
If you want to see what information is collected now, click the tile on the Integrations page and click RUN.
Figure: Mock-up for illustration purposes
If you want to change the integration settings, you can click a navigation link on the Integrations page, such as 4 Mappings, and edit the settings.
Use presets to create workflows
Reduce costs and save time by creating workflows with the following Oomnitza presets to automate administration and management tasks:
- Sophos Delete Endpoint
- Sophos Delete User
- Sophos Isolate Endpoint
- Sophos Remove Endpoint from Isolation
- Sophos Enable Tamper Protection for Endpoint
- Sophos Remove Tamper Protection from Endpoint
- Sophos User Role
Sophos Delete Endpoint
You can create a workflow that uses Sophos Delete Endpoint to delete an endpoint in Sophos. For example, you can use this preset to create workflows when an asset is flagged as lost, stolen, or destroyed. For this preset, the data region and tenant ID as defined in Global Settings is referenced as is the, sophos_asset_id field which is mapped to the Asset ID field in Oomnitza.
See Sophos Endpoint API - Delete Endpoints
See Add workflows using the API block
Sophos Delete User
You can create a workflow that uses Sophos Delete User to delete a user in Sophos.
See Add workflows using the API block
Sophos Isolate Endpoint
You can create a workflow that uses Sophos Isolate Endpoint to trigger the isolation of an endpoint in Sophos. For this preset, the data region and tenant ID as defined in Global Settings is referenced as is the, sophos_asset_id field which is mapped to the Asset ID field in Oomnitza.
See Add workflows using the API block
Sophos Remove Endpoint from Isolation
You can create a workflow that uses Sophos Remove Endpoint from Isolation to trigger the removal of an endpoint from isolation. In effect, this preset reverses the isolation of an endpoint and uses the same settings as Sophos Isolate Endpoint.
See Add workflows using the API block
Sophos Enable Tamper Protection for Endpoint
You can create a workflow that uses Sophos Enable Tamper Protection for Endpoint to enable tamper protection on a specified endpoint and require a new password to be generated. In effect, this preset reverses the isolation of an endpoint and uses the same settings as Sophos Remove Tamper Protection from Endpoint.
See Add workflows using the API block
Sophos Remove Tamper Protection from Endpoint
You can create a workflow that uses Sophos Remove Tamper Protection from Endpoint to trigger the removal of tamper protection from an endpoint so that a local admin user can uninstall the Sophos software. For this preset, the data region and tenant ID as defined in Global Settings is referenced as is the, sophos_asset_id field which is mapped to the Asset ID field in Oomnitza.
See Add workflows using the API block
Sophos User Role
You can create a workflow that uses the Sophos User Role to deactivate Sophos users.
See Add workflows using the SaaS User Role retrieval block
Other useful links
Add workflows using the API block
Complete these actions:
Add a workflow
- From the menu, click Assets.
- Click Workflow.
- Click Add (+).
- Enter the name and description of the workflow, and click Add new. A Begin and an End block are added to the sandbox.
Edit the Begin block
- On the Begin block, click Edit.
- Click ADD RULE to define the rules that will trigger the workflow.
- Click SAVE.
Choose a workflow action
- Drag and drop the API block onto the sandbox.
- On the API block, click Edit.
- To choose a workflow action, enter Sophos in the search field.
- Chose one of the following workflow actions:
- Sophos Delete Endpoint
- Sophos Delete User
- Sophos Enable Tamper Protection for Endpoint
- Sophos Isolate Endpoint
- Sophos Remove Endpoint from Isolation
- Sophos Remove Tamper Protection from Endpoint
- Click the right arrow (>), select the credentials that you added to Oomnitza.
- Click SAVE.
Before you validate and save your workflow, you must connect the Begin, API, and End blocks.
Add workflows using the SaaS User Role retrieval block
Complete these actions:
Add a workflow
- From the menu, click Software.
- Click Workflow > SaaS Users.
- Click Add (+).
- Enter the name and description of the workflow, and click Add new. A Begin and an End block are added to the sandbox.
Edit the Begin block
- On the Begin block, click Edit.
- Click ADD RULE to define the rules that will trigger the workflow.
- Click SAVE.
Choose a workflow action
- Drag and drop the SaaS User Role retrieval block onto the sandbox.
- On the SaaS User Role retrieval block, click Edit.
- To choose a workflow action, enter Sophos in the search field.
- Choose Sophos User Role.
- Click the right arrow (>), select the credentials that you added to Oomnitza.
- Click SAVE.
Before you validate and save your workflow, you must connect the Begin, SaaS User Role retrieval, and End blocks.
Open asset in Sophos Central
To open a view of the asset in Sophos Central, complete these steps in Oomnitza:
- Click Assets and select an asset.
- Click Configure the view.
- Click Add Link.
- Enter the name of the label such as Sophos Central.
- Enter this URL:
https://central.sophos.com/manage/devices/computers/ {{sophos_asset_id}} /summary
A link to open summary information about the asset in Sophos Central is automatically created. - Click SAVE.
See Adding links to field groups in Customizing Screens in Oomnitza
Unleash the power of Oomnitza
To get valuable actionable insights that help you manage your assets, learn how to:
- Configure dashboards for your assets and software
- Configure custom reports about your assets and software
See Getting started.
Comments
0 comments
Please sign in to leave a comment.