Skip to content
/ SophosCentral-Powershell Public

SophosCentral-Powershell is a powershell module for automating tasks within the sophos central EDR system.

5 stars 4 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

jd1100/SophosCentral-Powershell

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

20 Commits
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
SophosCentral-Powershell.ps1
SophosCentral-Powershell.ps1
 
 

Repository files navigation

SophosCentral-Powershell

SophosCentral-Powershell is a custom powershell module with cmdlets for interacting with the Sophos Central api. This project was created out of necessity for performing batch operations against the sophos central console. Contributions are welcome and encouraged :)

Installation

git.exe clone https://github.com/jd1100/SophosCentral-Powershell.git; Import-Module .\SophosCentral-Powershell\SophosCentral-Powershell.ps1

Notes

This module assumes that there is only a single tenant in the sophos environment. There is currently no support for multiple tenants.

cmdlets

Toggle-TamperProtection

allows the user to enable/disable tamper protection for a single endpoint, a list of endpoints, or all endpoints in a tenant

usage

  • -computerName [hostname] -> specify a single host for which to toggle tamper protection
  • -csv [/path/to/file.csv] -> import a list of endpoints for which to toggle tamper protection

    • Note: the csv must be formatted with a single field named "hosts" with all the endpoint hostnames listed beneath

  • -all -> toggles tamper protection for all endpoints in the sophos central console
  • -enable -> enable tamper protection
  • -disable -> disable tamper protection

Get-SophosEndpoints

Enumerates all endpoints from the sophos central console. Additionally this cmdlet attempts to remove any duplicate endpoints.

usage

  • -sophosApiResponse [$apiResponse] -> specifies a hashtable object that contains all the information needed for making api requests

    • Note: even if not supplied, the cmdlet will attempt to authenticate on its own

  • -export -> exports the endpoints to a csv file called "endpoints.csv" in the current working directory

Get-SophosEndpointId

usage

  • -computerName [hostname] -> specify a single host to find the associated sophos central id
  • -sophosApiResponse [$apiResponse] -> specifies a hash table object that contains all the information needed for making api requests

    • Note: even if not supplied, the cmdlet will attempt to authenticate on its own

Authenticate-SophosApi

performs the initial authentication with the sophos central api using oAuth2. Returns a hashtable with metadata about the respective sophos central environment

To-Do

  • enable support for multiple tenants
  • Implement function/cmdlet for checking tamper protection status of a single host or a list of hosts
  • Make the removal of duplicate endpoints an optional flag for the Get-SophosEndpoints cmdlet i.e. create a cmdlet for removing duplicates from the collection of endpoints grabbed using the sophos central api

About

SophosCentral-Powershell is a powershell module for automating tasks within the sophos central EDR system.

Topics

powershell sophos-central-api sophos-central-console sophos-environment

Resources

Readme
Activity

Stars

5 stars

Watchers

1 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages