check_sophos_central

Icinga check plugin for the status of alerts and endpoints over the API of the Sophos Central cloud service

Check the status of alerts and endpoints over the API of the Sophos Central cloud service.

The plugin currently checks the state of all alerts and endpoints within a single tenant; you need to supply an API token (client ID and secret) for that tenant.

Usage

Arguments:
      --client-id string               API Client ID (env:SOPHOS_CLIENT_ID)
      --client-secret string           API Client Secret (env:SOPHOS_CLIENT_SECRET)
      --show-all                       List all non-ok endpoints
      --page-size uint32               Amount of objects to fetch during each API call (default 100)
      --exclude-alert stringArray      Alerts to ignore. Can be used multiple times and supports regex.
      --exclude-endpoint stringArray   Endpoints to ignore. Can be used multiple times and supports regex.
      --api string                     API Base URL (default "https://api.central.sophos.com")
  -t, --timeout int                    Abort the check after n seconds (default 30)
  -d, --debug                          Enable debug mode
  -v, --verbose                        Enable verbose mode
  -V, --version                        Print version and exit

Example

$ ./check_sophos_central --client-id efce870a-6c53-4a6b-8c49-864894b9d8ee --client-secret thatwouldbeagoodjoke
CRITICAL - alerts: 2 medium - endpoints: 2 good, 3 bad, 6 suspicious

## Alerts
2020-09-04 07:31 CEST [medium] TEST (server) PUA detected: 'PsExec' at 'E:\UserShares$\Max Mustermann\Desktop\PSTools.zip\PsExec.exe\FILE:0000'
2020-09-04 07:31 CEST [medium] TEST (server) PUA detected: 'PsKill' at 'E:\UserShares$\Max Mustermann\Desktop\PSTools.zip\pskill.exe'

## Endpoints
bad: HOST1, HOST2, HOST6
suspicious: HOST11, HOST12, HOST13, HOST14, HOST15, ...
| 'alerts'=0 'alerts_high'=0 'alerts_medium'=0 'alerts_low'=0 'endpoints_total'=11 'endpoints_good'=2 'endpoints_bad'=3 'endpoints_suspicious'=6 'endpoints_unknown'=0
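The exclude options and the output format above are easiest to understand with the logic spelled out. The following Go program is an added example written for this README, not the plugin's own code: it takes already fetched alert and endpoint objects (a constructed sample with a hypothetical, reduced field set), applies --exclude-alert / --exclude-endpoint style regular expressions, maps the remaining counts to an Icinga state with an assumed rule (any remaining alert or bad endpoint is CRITICAL, a suspicious or unknown endpoint is WARNING) and emits a summary line plus perfdata using the same keys as the Example output. It holds no credentials and makes no API call. When running the real plugin, prefer the SOPHOS_CLIENT_ID / SOPHOS_CLIENT_SECRET environment variables from Usage over the flags shown in the Example, since command-line arguments are visible to other users of the host in the process list.

```go
package main

import (
	"fmt"
	"regexp"
)

// Constructed, simplified stand-ins for the objects the Sophos Central API returns
// (hypothetical field set). Severity: high/medium/low; Health: good/bad/suspicious/unknown.
type Alert struct{ Severity, Description string }
type Endpoint struct{ Hostname, Health string }

// Standard Icinga plugin exit codes.
const OK, Warning, Critical, Unknown = 0, 1, 2, 3

// compilePatterns turns --exclude-alert / --exclude-endpoint values into regular
// expressions; an invalid pattern is a configuration error, not something to ignore.
func compilePatterns(patterns []string) ([]*regexp.Regexp, error) {
	var out []*regexp.Regexp
	for _, p := range patterns {
		re, err := regexp.Compile(p)
		if err != nil {
			return nil, fmt.Errorf("invalid exclude pattern %q: %w", p, err)
		}
		out = append(out, re)
	}
	return out, nil
}

// excluded reports whether s matches any exclusion pattern (unanchored, like regexp.MatchString).
func excluded(s string, res []*regexp.Regexp) bool {
	for _, re := range res {
		if re.MatchString(s) {
			return true
		}
	}
	return false
}

// Evaluate applies the exclusions and returns exit code, summary line and perfdata.
// The state mapping (any remaining alert or bad endpoint -> CRITICAL, suspicious or
// unknown endpoint -> WARNING) is an assumption of this example, not the plugin's own.
func Evaluate(alerts []Alert, endpoints []Endpoint, excludeAlerts, excludeEndpoints []string) (int, string, string, error) {
	alertRes, err := compilePatterns(excludeAlerts)
	if err != nil {
		return Unknown, "", "", err
	}
	epRes, err := compilePatterns(excludeEndpoints)
	if err != nil {
		return Unknown, "", "", err
	}
	sev, health, total := map[string]int{}, map[string]int{}, 0
	for _, a := range alerts {
		if !excluded(a.Description, alertRes) {
			sev[a.Severity]++
		}
	}
	for _, e := range endpoints {
		if !excluded(e.Hostname, epRes) {
			total++
			health[e.Health]++
		}
	}
	alertTotal := sev["high"] + sev["medium"] + sev["low"]
	state := OK
	switch {
	case alertTotal > 0 || health["bad"] > 0:
		state = Critical
	case health["suspicious"] > 0 || health["unknown"] > 0:
		state = Warning
	}
	summary := fmt.Sprintf("%s - alerts: %d high, %d medium, %d low - endpoints: %d good, %d bad, %d suspicious, %d unknown",
		[]string{"OK", "WARNING", "CRITICAL", "UNKNOWN"}[state], sev["high"], sev["medium"], sev["low"],
		health["good"], health["bad"], health["suspicious"], health["unknown"])
	perf := fmt.Sprintf("'alerts'=%d 'alerts_high'=%d 'alerts_medium'=%d 'alerts_low'=%d "+
		"'endpoints_total'=%d 'endpoints_good'=%d 'endpoints_bad'=%d 'endpoints_suspicious'=%d 'endpoints_unknown'=%d",
		alertTotal, sev["high"], sev["medium"], sev["low"],
		total, health["good"], health["bad"], health["suspicious"], health["unknown"])
	return state, summary, perf, nil
}

// SampleData is constructed input standing in for one tenant's API response.
func SampleData() ([]Alert, []Endpoint) {
	return []Alert{{"medium", "PUA detected: 'PsExec'"}, {"medium", "PUA detected: 'PsKill'"}, {"low", "Test alert from the lab tenant"}},
		[]Endpoint{{"HOST1", "bad"}, {"HOST2", "good"}, {"HOST3", "suspicious"}, {"HOST4", "unknown"}, {"TESTBOX", "bad"}}
}

func main() {
	alerts, endpoints := SampleData()
	// Drop the lab's test alerts and the test box, as --exclude-alert / --exclude-endpoint would.
	_, summary, perf, err := Evaluate(alerts, endpoints, []string{"^Test"}, []string{"^TESTBOX$"})
	if err != nil {
		fmt.Println("UNKNOWN -", err)
		return
	}
	fmt.Printf("%s\n| %s\n", summary, perf)
}
```

Two design points worth noting: the exclusion regexes are unanchored, so a pattern like `HOST1` also silences `HOST11` through `HOST15` unless you anchor it (`^HOST1$`); and an unparsable pattern returns UNKNOWN rather than silently matching nothing, which would otherwise turn a typo in an exclusion into a check that quietly keeps alerting (or, worse, stops excluding) without anyone noticing.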

API Documentation

Full API documentation is available at developer.sophos.com.

License

Copyright (c) 2020 NETWAYS GmbH <info@netways.de>
Copyright (c) 2020 Markus Frosch <markus.frosch@netways.de>

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see gnu.org/licenses.