Skip to main content
Sign in

Creating an extended integration for Sophos Endpoint Security assets

Sam Peirce
  • June 16, 2022 10:42
  • Updated

Let Oomnitza be your single source of truth!

You'll get visibility of your devices as data from Sophos Endpoint Security is automatically transformed into consumable information and actionable insights.

Manage endpoints in Sophos
Oomnitza supports bi-directional APIs to manage configuration and other changes to devices in Sophos.

Connect Oomnitza and Sophos in minutes

Get the information and insights that you need to reduce costs and the time that you spend on administration tasks such as:

  • Configurable dashboards and list views of key asset and user information
  • Configurable reports to share information about your assets and software with your colleagues and management
  • Configurable workflows that you can create such as:
    • Workflows for isolating endpoints and removing endpoints from isolation
    • Workflows for enabling tamper protection and removing tamper protection for an endpoint
    • Workflows for deleting endpoints
    • Workflows for deactivating and deleting users 

Tip 
You can also configure a link in Oomnitza to view an asset in Sophos Central. See Open an asset in Sophos Central.

blue_link.svg Learn more about Sophos

Before you start

Check out the following links before you get started with your integration. 

Useful links

blue_link.svg Setting up Oomnitza extended connectors

blue_link.svg Getting started as a Sophos tenant 

To integrate Sophos Endpoint Manager with Oomnitza, you need to know;

  • Your tenant ID
  • Your data region 

Procedure

  1. Log into Oomnitza.
  2. Click Configuration > General > Global Settings.
  3. Click Add new variable (+).
  4. Add the following two variables and their values:
    1. Sophos.DataRegion
    2. Sophos.TenantId 
  5. Save your changes.

Add credentials to the vault in Oomnitza

To stream Sophos Endpoint Security data into Oomnitza, you must create and then add 0Auth 2.0 credentials to the Oomnitza vault. 

blue_link.svg Learn how to create 0Auth 2.0 credentials for Sophos. You must have Super Admin privileges in Sophos to create the credentials.

Procedure

  1. Log into Oomnitza.
  2. Click Configuration > Security > Credentials, and then click Add new credential (+).
  3. In the INFORMATION tab, add a name for the connection and choose an owner. The owner must have been added to the People page in Oomnitza.
  4. In the AUTHORIZATION tab, complete these actions:
    1. Select 0Auth 2.0 as the authorization protocol.
    2. Select Sophos as the SaaS.
    3. Enter your client ID and secret. 
  5. Authenticate and click Save

blue_link.svg See Oomnitza vault

Next step

You use the credentials that you added to create and customize your Sophos Endpoint Security integration with Oomnitza.

Integrate Sophos Endpoint Security with Oomnitza

Info and connect details

  1. Click Configuration > Integrations and then click Integrations List View IntegrationsListView.svg.
  2. On the Integrations page, scroll down to the Extended section for Assets.
  3. Click NEW INTEGRATION.
  4. In the New Asset Integration sidebar, click Sophos Endpoint Security.
  5. In the Sophos Endpoint Security section, click APPLY next to Sophos Asset Load  
    and then click NEXT twice.

On the Connect page, complete these steps:

  1. Enter a descriptive name for the integration such as Sophos Endpoint Security. That'll be the name of the integration that is shown on the Integrations page.
  2. Select User only as the user selection.  
  3. Select Cloud as the installation type.
  4. Skip the Credentials field.
  5. As integration user, select the user that you added to the Oomnitza vault. 
  6. Enter your tenant ID.
  7. Enter your data region. For example, if the URL for your data region is https://api- us03 .central.sophos.com . You enter us03 as the data region.
  8. Click Next.

Mappings

Map the Sophos Endpoint Security fields to the Oomnitza fields and create custom mappings to get the information that you need to manage your assets.

blue_link.svg See Mapping 

Sophos Endpoint Security fields that are mapped to Oomnitza

Asset ID
Asset Type
Build Number
Connector Sync Time
Health Overall
Hostname
Is Server
Is Tamper Protection Enabled
Last Seen At
OS Major Version
OS Minor Version
OS Name
Platform
Services Status
Tenant ID
Threats Status
User's ID
User's Name

Custom mappings
Need to map more fields to Oomnitza? Contact Oomnitza Support.

When you've completed mapping the fields, click NEXT

Schedule

By default, data is streamed to Oomnitza once every day.

You can configure the schedule to meet your needs such as changing the interval or changing the time so that the data is streamed when your system isn't busy.

  1. Configure your schedule.
  2. Click FINISH.

Result

A new tile is created for the integration on the Integrations page. 

What to do next

If you want to see what information is collected now, click the tile on the Integrations page and click RUN.

edit-integration.svg

Figure: Mock-up for illustration purposes

If you want to change the integration settings, you can click a navigation link on the Integrations page, such as 4 Mappings, and edit the settings. 

Use presets to create workflows

Reduce costs and save time by creating workflows with the following Oomnitza presets to automate administration and management tasks:

Sophos Delete Endpoint

You can create a workflow that uses Sophos Delete Endpoint to delete an endpoint in Sophos. For example, you can use this preset to create workflows when an asset is flagged as lost, stolen, or destroyed.  For this preset, the data region and tenant ID as defined in Global Settings is referenced as is the, sophos_asset_id field which is mapped to the Asset ID field in Oomnitza.

blue_link.svg See Sophos Endpoint API - Delete Endpoints

blue_link.svg See Add workflows using the API block

Sophos Delete User

You can create a workflow that uses Sophos Delete User to delete a user in Sophos. 

blue_link.svg See Add workflows using the API block 

Sophos Isolate Endpoint

You can create a workflow that uses Sophos Isolate Endpoint to trigger the isolation of an endpoint in Sophos. For this preset, the data region and tenant ID as defined in Global Settings is referenced as is the, sophos_asset_id field which is mapped to the Asset ID field in Oomnitza.

blue_link.svg See Sophos Endpoint API

blue_link.svg See Add workflows using the API block

Sophos Remove Endpoint from Isolation

You can create a workflow that uses Sophos Remove Endpoint from Isolation to trigger the removal of an endpoint from isolation. In effect, this preset reverses the isolation of an endpoint and uses the same settings as Sophos Isolate Endpoint.

blue_link.svg See Add workflows using the API block

Sophos Enable Tamper Protection for Endpoint

You can create a workflow that uses Sophos Enable Tamper Protection for Endpoint to enable tamper protection on a specified endpoint and require a new password to be generated. In effect, this preset reverses the isolation of an endpoint and uses the same settings as Sophos Remove Tamper Protection from Endpoint.

blue_link.svg See Add workflows using the API block

Sophos Remove Tamper Protection from Endpoint

You can create a workflow that uses Sophos Remove Tamper Protection from Endpoint to trigger the removal of tamper protection from an endpoint so that a local admin user can uninstall the Sophos software. For this preset, the data region and tenant ID as defined in Global Settings is referenced as is the, sophos_asset_id field which is mapped to the Asset ID field in Oomnitza.

blue_link.svg See Sophos Endpoint API

blue_link.svg See Add workflows using the API block

Sophos User Role

You can create a workflow that uses the Sophos User Role to deactivate Sophos users. 

 blue_link.svg See Add workflows using the SaaS User Role retrieval block 

Other useful links

blue_link.svg Workflow: Block Overview

blue_link.svg Understanding Workflows

Add workflows using the API block

Complete these actions:

Add a workflow

  1. Click Configuration > Workflows > Assets > .
  2. Click Add (+).
  3. Enter the name and description of the workflow, and click Add new. A Begin and an End block are added to the sandbox.

Edit the Begin block

  1. On the Begin block, click Edit.
  2. Click ADD RULE to define the rules that will trigger the workflow.
  3. Click SAVE.

Choose a workflow action

  1. Drag and drop the API block onto the sandbox.
  2. On the API block, click Edit.
  3. To choose a workflow action, enter Sophos in the search field.
  4. Chose one of the following workflow actions:
    • Sophos Delete Endpoint
    • Sophos Delete User
    • Sophos Enable Tamper Protection for Endpoint
    • Sophos Isolate Endpoint
    • Sophos Remove Endpoint from Isolation
    • Sophos Remove Tamper Protection from Endpoint
  5. Click the right arrow (>), select the credentials that you added to Oomnitza.
  6. Click SAVE.

Before you validate and save your workflow, you must connect the Begin, API, and End blocks. 

Add workflows using the SaaS User Role retrieval block

Complete these actions:

Add a workflow

  1. Click Configuration > WorkflowsSaaS Users.
  2. Click Add (+).
  3. Enter the name and description of the workflow, and click Add new. A Begin and an End block are added to the sandbox.

Edit the Begin block

  1. On the Begin block, click Edit.
  2. Click ADD RULE to define the rules that will trigger the workflow.
  3. Click SAVE.

Choose a workflow action

  1. Drag and drop the SaaS User Role retrieval block onto the sandbox.
  2. On the SaaS User Role retrieval block, click Edit.
  3. To choose a workflow action, enter Sophos in the search field.
  4. Choose Sophos User Role.
  5. Click the right arrow (>), select the credentials that you added to Oomnitza.
  6. Click SAVE.

Before you validate and save your workflow, you must connect the Begin, SaaS User Role retrieval, and End blocks.

Open asset in Sophos Central

To open a view of the asset in Sophos Central, complete these steps in Oomnitza:

  1. Click Assets and select an asset.
  2. Click Configure the view.
  3. Click Add Link.
  4. Enter the name of the label such as Sophos Central.
  5. Enter this URL:
      https://central.sophos.com/manage/devices/computers/ {{sophos_asset_id}} /summary
    A link to open summary information about the asset in Sophos Central is automatically created.
  6. Click SAVE.

blue_link.svg See Adding links to field groups in Customizing Screens in Oomnitza

Unleash the power of Oomnitza

To get valuable actionable insights that help you manage your assets, learn how to:

  • Configure dashboards for your assets and software
  • Configure custom reports about your assets and software

See Getting started.

Related articles

Comments

0 comments

Please sign in to leave a comment.

Powered by Zendesk