Skip to main content
Sign in

Creating an extended integration for Sophos Endpoint Security assets

Sam Peirce
  • August 05, 2022 13:39
  • Updated

Let Oomnitza be your single source of truth!

You'll get visibility of your devices as data from Sophos Endpoint Security is automatically transformed into consumable information and actionable insights.

Manage endpoints in Sophos
Oomnitza supports bi-directional APIs to manage configuration and other changes to devices in Sophos.

Connect Oomnitza and Sophos in minutes

Get the information and insights that you need to reduce costs and the time that you spend on administration tasks such as:

  • Configurable dashboards and list views of key asset and user information
  • Configurable reports to share information about your assets and software with your colleagues and management
  • Configurable workflows that you can create such as:
    • Workflows for isolating endpoints and removing endpoints from isolation
    • Workflows for enabling tamper protection and removing tamper protection for an endpoint
    • Workflows for deleting endpoints
    • Workflows for deactivating and deleting users 

Tip 
You can also configure a link in Oomnitza to view an asset in Sophos Central. See Open an asset in Sophos Central.

blue_link.svg Learn more about Sophos

Before you start

Check out the following links before you get started with your integration. 

Useful links

blue_link.svg Setting up Oomnitza extended connectors

blue_link.svg Getting started as a Sophos tenant 

To integrate Sophos Endpoint Manager with Oomnitza, you need to know;

  • Your tenant ID. For further information, refer to the Sophos API Documentation: Find your Tenant ID.
  • Your data region For example, if the URL for your data region is https://api- us03 .central.sophos.com you enter us03 as the data region.

Procedure

  1. Log into Oomnitza.
  2. Click Configuration > General > Global Settings.
  3. Click Add new variable (+).
  4. Add the following two variables and their values:
    1. Sophos.DataRegion
    2. Sophos.TenantId 
  5. Save your changes.

Add credentials to the vault in Oomnitza

To stream Sophos Endpoint Security data into Oomnitza, you must create and then add 0Auth 2.0 credentials to the Oomnitza vault. 

blue_link.svg Learn how to create OAuth 2.0 credentials for Sophos. You must have Super Admin privileges in Sophos to create the credentials.

Procedure

  1. In Oomnitza, click Configuration > Security > Credentials.
  2. Click Add new credential (+).
  3. Click the integration, and then click the forward button >.
  4. Enter the name of the credentials.
  5. Enter your client credentials and any other additional information.
  6. Click Authenticate. You are prompted to log in to authorize your request.
  7. Click CREATE.

Information
If the integration is not listed, click Advanced Mode, and add your credentials.

  1. In the INFORMATION tab, add a name for the connection and choose an owner. The owner must have been added to the People page in Oomnitza.
  2. In the AUTHORIZATION tab, complete these actions:
    1. Select OAuth 2.0 as the authorization protocol.
    2. Select Sophos as the SaaS.
    3. Enter your client ID and secret. 
  3. Authenticate and click Save

blue_link.svg See Oomnitza vault

Next step

You use the credentials that you added to create and customize your Sophos Endpoint Security integration with Oomnitza.

Integrate Sophos Endpoint Security with Oomnitza

  1. In Oomnitza, click Configuration> Integrations> Overview.
  2. Click Integrations List View.
  3. Scroll down to the Extended section for asset integrations.
  4. Click NEW INTEGRATION.
  5. Select the integration in the sidebar.
  6. Click ADD.

Integration Overview

About this task

More information is provided about the following fields to help you complete the integration:

  • Integration preferences:  By default,  Create and Update is selected. To ensure that only live user records are synced with Oomnitza, select Update Only. When you run the integration, you can check the error logs to see the records records that weren't uploaded and why they weren't uploaded. Then, you can decide whether to upload the user records that were skipped by changing your integration preference back to Create and Update.

Integration details

Procedure
To review or update the integrations details, click the pencil:

  1. Enter the name of the integration.
  2. For installation type, ensure that Cloud is selected.
  3. For integration preferences, select Update Only or go with the default.
  4. Enter the name of the integration user.

Credential details

Choose one of the following options:

  • Select the credentials that were created for the integration.
  • Edit the credentials that were created for the integration.
  • Create new credentials

Schedule

For information on scheduling, see Running an extended integration.

Mappings

To map the fields to Oomnitza, click the pencil.

Creating custom mappings

Map the Sophos Endpoint Security fields to the Oomnitza fields and create custom mappings to get the information that you need to manage your assets.

blue_link.svg See Mapping 

Sophos Endpoint Security fields that are mapped to Oomnitza

Asset ID
Asset Type
Build Number
Connector Sync Time
Health Overall
Hostname
Is Server
Is Tamper Protection Enabled
Last Seen At
OS Major Version
OS Minor Version
OS Name
Platform
Services Status
Tenant ID
Threats Status
User's ID
User's Name

Custom mappings
Need to map more fields to Oomnitza? Contact Oomnitza Support.

Use presets to create workflows

Reduce costs and save time by creating workflows with the following Oomnitza presets to automate administration and management tasks:

Sophos Delete Endpoint

You can create a workflow that uses Sophos Delete Endpoint to delete an endpoint in Sophos. For example, you can use this preset to create workflows when an asset is flagged as lost, stolen, or destroyed.  For this preset, the data region and tenant ID as defined in Global Settings is referenced as is the, sophos_asset_id field which is mapped to the Asset ID field in Oomnitza.

blue_link.svg See Sophos Endpoint API - Delete Endpoints

blue_link.svg See Add workflows using the API block

Sophos Delete User

You can create a workflow that uses Sophos Delete User to delete a user in Sophos. 

blue_link.svg See Add workflows using the API block 

Sophos Isolate Endpoint

You can create a workflow that uses Sophos Isolate Endpoint to trigger the isolation of an endpoint in Sophos. For this preset, the data region and tenant ID as defined in Global Settings is referenced as is the, sophos_asset_id field which is mapped to the Asset ID field in Oomnitza.

blue_link.svg See Sophos Endpoint API

blue_link.svg See Add workflows using the API block

Sophos Remove Endpoint from Isolation

You can create a workflow that uses Sophos Remove Endpoint from Isolation to trigger the removal of an endpoint from isolation. In effect, this preset reverses the isolation of an endpoint and uses the same settings as Sophos Isolate Endpoint.

blue_link.svg See Add workflows using the API block

Sophos Enable Tamper Protection for Endpoint

You can create a workflow that uses Sophos Enable Tamper Protection for Endpoint to enable tamper protection on a specified endpoint and require a new password to be generated. In effect, this preset reverses the isolation of an endpoint and uses the same settings as Sophos Remove Tamper Protection from Endpoint.

blue_link.svg See Add workflows using the API block

Sophos Remove Tamper Protection from Endpoint

You can create a workflow that uses Sophos Remove Tamper Protection from Endpoint to trigger the removal of tamper protection from an endpoint so that a local admin user can uninstall the Sophos software. For this preset, the data region and tenant ID as defined in Global Settings is referenced as is the, sophos_asset_id field which is mapped to the Asset ID field in Oomnitza.

blue_link.svg See Sophos Endpoint API

blue_link.svg See Add workflows using the API block

Sophos User Role

You can create a workflow that uses the Sophos User Role to deactivate Sophos users. 

 blue_link.svg See Add workflows using the SaaS User Role retrieval block 

Other useful links

blue_link.svg Workflow: Block Overview

blue_link.svg Understanding Workflows

Add workflows using the API block

Complete these actions:

Add a workflow

  1. Click Configuration > Workflows > Assets > .
  2. Click Add (+).
  3. Enter the name and description of the workflow, and click Add new. A Begin and an End block are added to the sandbox.

Edit the Begin block

  1. On the Begin block, click Edit.
  2. Click ADD RULE to define the rules that will trigger the workflow.
  3. Click SAVE.

Choose a workflow action

  1. Drag and drop the API block onto the sandbox.
  2. On the API block, click Edit.
  3. To choose a workflow action, enter Sophos in the search field.
  4. Chose one of the following workflow actions:
    • Sophos Delete Endpoint
    • Sophos Delete User
    • Sophos Enable Tamper Protection for Endpoint
    • Sophos Isolate Endpoint
    • Sophos Remove Endpoint from Isolation
    • Sophos Remove Tamper Protection from Endpoint
  5. Click the right arrow (>), select the credentials that you added to Oomnitza.
  6. Click SAVE.

Before you validate and save your workflow, you must connect the Begin, API, and End blocks. 

Add workflows using the SaaS User Role retrieval block

Complete these actions:

Add a workflow

  1. Click Configuration > WorkflowsSaaS Users.
  2. Click Add (+).
  3. Enter the name and description of the workflow, and click Add new. A Begin and an End block are added to the sandbox.

Edit the Begin block

  1. On the Begin block, click Edit.
  2. Click ADD RULE to define the rules that will trigger the workflow.
  3. Click SAVE.

Choose a workflow action

  1. Drag and drop the SaaS User Role retrieval block onto the sandbox.
  2. On the SaaS User Role retrieval block, click Edit.
  3. To choose a workflow action, enter Sophos in the search field.
  4. Choose Sophos User Role.
  5. Click the right arrow (>), select the credentials that you added to Oomnitza.
  6. Click SAVE.

Before you validate and save your workflow, you must connect the Begin, SaaS User Role retrieval, and End blocks.

Open asset in Sophos Central

To open a view of the asset in Sophos Central, complete these steps in Oomnitza:

  1. Click Assets and select an asset.
  2. Click Configure the view.
  3. Click Add Link.
  4. Enter the name of the label such as Sophos Central.
  5. Enter this URL:
      https://central.sophos.com/manage/devices/computers/ {{sophos_asset_id}} /summary
    A link to open summary information about the asset in Sophos Central is automatically created.
  6. Click SAVE.

blue_link.svg See Adding links to field groups in Customizing Screens in Oomnitza

Unleash the power of Oomnitza

To get valuable actionable insights that help you manage your assets, learn how to:

  • Configure dashboards for your assets and software
  • Configure custom reports about your assets and software

See Getting started.

Related articles

Comments

0 comments

Please sign in to leave a comment.

Powered by Zendesk