Enable scripting to XG over SSH
In our environment, we subscribe to lists of dynamically blocked IPs based on reputation and other factors. This dynamic list is on my system, and every day I must manually go and add or remove these IPs from our blacklist. Conversely, we also subscribe to MSFT O365 dynamic IPs and FQDNs that need to be whitelisted for our services to work. We would like to be able to script these dynamic updates to the appropriate hosts/host groups to make better use of our rules.
Sophos XG Firewall: How to use API to import web exceptions
You can do this via the Web API. Please have a look at FQDNHost and FQDNHostGroup.
A really dirty way is to modify the hashmap for iptables with ipset. Add a Hostgroup, find the corresponding object and modify it. But that's really dirty.
Next idea: set up a local BIND with zone domainlists.local and use an A entry pointing to all IPs for whitelisting, another for blacklisting. So you can use an FQDN object on your XG.
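The local BIND idea from the last reply, sketched as an added example that is not code from the thread or from Sophos: it turns the two subscribed IP lists into a zone file for domainlists.local. The record names `whitelist` and `blacklist`, the TTL, the `ns1` record and the sample addresses are assumptions; entries that are not single host addresses (CIDR ranges, typos) are rejected because an A/AAAA record cannot express them, and an address on both lists is kept only on the blacklist and reported.

```python
import ipaddress

ZONE = "domainlists.local."   # zone name from the reply above
TTL = 300                     # assumed: short TTL so list changes propagate quickly

def _order(addr):
    return (addr.version, int(addr))   # sort IPv4 before IPv6 without a TypeError

def clean(entries):
    """Return (unique host addresses, rejected strings) from raw list lines."""
    good, bad = set(), []
    for raw in entries:
        text = raw.split("#", 1)[0].strip()   # drop trailing comments and blanks
        if not text:
            continue
        try:
            good.add(ipaddress.ip_address(text))
        except ValueError:
            bad.append(text)                  # CIDR ranges, hostnames, typos
    return good, bad

def build_zone(whitelist, blacklist, serial):
    """Render the zone text plus a report of rejected and conflicting entries."""
    allow, bad_allow = clean(whitelist)
    block, bad_block = clean(blacklist)
    conflicts = allow & block
    allow -= conflicts                        # assumed policy: blacklist wins
    lines = [
        f"$ORIGIN {ZONE}",
        f"$TTL {TTL}",
        f"@ IN SOA ns1.{ZONE} hostmaster.{ZONE} ({serial} 3600 600 86400 {TTL})",
        f"@ IN NS ns1.{ZONE}",
        "ns1 IN A 127.0.0.1",                 # assumed: BIND runs on this host
    ]
    for label, addrs in (("whitelist", allow), ("blacklist", block)):
        for addr in sorted(addrs, key=_order):
            rtype = "A" if addr.version == 4 else "AAAA"
            lines.append(f"{label} IN {rtype} {addr}")
    report = {"rejected": bad_allow + bad_block,
              "conflicts": [str(a) for a in sorted(conflicts, key=_order)]}
    return "\n".join(lines) + "\n", report

# Constructed sample input (documentation address ranges, not real feed data).
SAMPLE_WHITELIST = ["192.0.2.10", "192.0.2.10  # duplicate", "2001:db8::10",
                    "198.51.100.7", "203.0.113.0/24"]
SAMPLE_BLACKLIST = ["198.51.100.7", "not-an-ip", ""]

if __name__ == "__main__":
    zone, report = build_zone(SAMPLE_WHITELIST, SAMPLE_BLACKLIST, serial=2024010100)
    print(zone, report, sep="\n")
```

A name carrying many records produces a large DNS answer that may need TCP, and how many addresses per name the XG's FQDN object picks up is not stated in this thread, so check that against a small list first.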