
!sophos-central-alert-action action=clearThreat alert_id=8e879165-81cb-4747-8608-1cc4e630a017 message=testmessage

Context Example #

Possible values are: "acknowledge", "cleanPua", "cleanVirus", "authPua", "clearThreat", "clearHmpa", "sendMsgPua", and "sendMsgThreat".

Actions that you can perform on the alert.

Sophos-central-alert-action Input # Argument Name

Actions to perform on the alerts.

}

Human Readable Output # Found Alert: # id

Sophos-central-alert-get Input # Argument Name

Results on this page: 3. Maximum number of results allowed in a page: 100

sophos-central-alert-get #

Malicious connection detected: 'C2/Generic-B' at 'C:\Windows\System32\wscript.exe' (Technical Support reference: 277413403)

Event::Endpoint::Threat::CommandAndControlDetected

Manual cleanup required: 'EICAR-AV-Test' at 'C:\Users\JonDoe\Downloads\eicarcom2.zip'

}

Human Readable Output # Listed Alerts: # id

!sophos-central-alert-list limit=50

Context Example #

The name of the referenced person object.

Maximum is "100".

Actions that you can perform on these alerts.

Sophos-central-alert-list Input # Argument Name

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

