Sophos Ideas / Sophos Central

Sophos Central

Suggest, discuss, and vote on new ideas for Sophos Central. The unified console for managing your Sophos products.
Please raise all product releated feature requests in the respective product forum

Suggest an Idea for Sophos Central...

← Sophos Central

Improved device list views

Including the ability to add/remove columns and filter results.

For example, add a column about tamper protection, and have the ability to filter for only devices with it disabled. Or to add a column about Intercept X software version and filter for certain version(s).

This would apply to Endpoint and Server views.

We intend to make this functionality available via APIs as well.

485 votes
Sign in Sign in with Log in with your Sophos ID
Signed in as (Sign out)
Close
Close

We’ll send you updates on this idea

AdminJon (Admin, Sophos Features & Ideas Laboratory) shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →
Started  ·  AdminJon (Admin, Sophos Features & Ideas Laboratory) responded  · 

The APIs are now available, please see https://developer.sophos.com/ for more details.

For example, retrieving tamper protection status is available this way: https://developer.sophos.com/docs/endpoint-and-server/1/routes/endpoints/%7BendpointId%7D/tamper-protection/get

I appreciate many people simply want the admin UI to offer the functionality rather than just APIs, and we will update it to allow column addition/removal and filtering on any column. However, this is likely to not be until around August as the development team have been reassigned to assist another project for a few months. Sorry for the wait, I would very much like this to be available earlier.

I’ll leave this item open and “started” until the admin UI changes are released, but please do be aware of the API option in the meantime.

Show previous admin responses (1)

95 comments

Sign in Sign in with Log in with your Sophos ID
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • Philip commented  ·   ·  Flag as inappropriate

    I am receiving "Reboot required" alerts in the Console from computers that are offline. The trigger appears to be the scheduled scan.

    I'm also getting "Reboot required" alerts in the Console from computers that have been deleted and are no longer reporting to the sub-estate the alerts show up in! It is obvious that these alerts are generated in the Console, from the Console and have no bearing on what's really happening on the endpoint.

    These "Reboot required" alerts also appear to easily become "stale" and continue to report a reboot is necessary even after the endpoint Events list reports that a reboot has occurred.

    The best strategy at this point for dealing with these alerts is to clear them all and see if any more are generated to separate the current ones from the old ones.

  • Brett commented  ·   ·  Flag as inappropriate

    In addition we have to provide SLA compliance reports for saturation, software up to date over a compliance period (measured everyday over a month etc).
    Currently the only way to achieve this is to measure daily into excel then collate at the end of the reporting period.

  • Anonymous commented  ·   ·  Flag as inappropriate

    Dashboard should have an alert - "17 have Tamper Protecton disabled - click here for report"

  • Anonymous commented  ·   ·  Flag as inappropriate

    Dashboard should have an alert - "17 have Tamper Protecton disabled - click here for report"

  • Luke commented  ·   ·  Flag as inappropriate

    Cannot see why this is not already a feature of Sophos Central! Would be very helpful if this existed

  • Ron Becker commented  ·   ·  Flag as inappropriate

    Users aren't always at their consoles to see the momentary notification popup, and they rarely check their own dashboard. Partners are notified, yes, however this creates additional layers of complexity.

    In our case, often we also manage home computers for executive level staff that must have VPN office access. More often than not, we do not have independent (unassisted) remote access to these systems.

    Some of Sophos' security competitors change the icon in the Windows desktop notification area to reflect user interaction is needed. In one example, a yellow triangle with an [!} character is overlaid on the icon. I'm sure this would require a minimum of additional code and a bit of creative. This small change would go a long way toward increasing end user satisfaction.

  • Patrick commented  ·   ·  Flag as inappropriate

    I am definitely supporting this idea to add a solution like that, especially for the German market as the GDPR is demanding these kind of reports. Having an Endpoint Protection solution supporting that will be a big heads-up for competing at the market.
    We know about a German-based Endpoint Protection suite that delivers this kind of feature and went quite successful in placing their product at customers this way.

  • Wayde Erickson commented  ·   ·  Flag as inappropriate

    I thought it would be as easy as a Drop down menu from Server Protection dashboard. "Show all servers" , "Servers with Enabled Tamper Protection Off" That would be real nice.
    Thanks

  • Daniel Murrieta commented  ·   ·  Flag as inappropriate

    Hey Bryn, we have it all set to automatic updating. The team in charge of imaging is using a deployment software that I'd prefer not to mention publicly. It does seem to have issues with the image, but it's hard to tell as a lot of the issues also seem to fix themselves shortly after handing to a user and letting the computer stay online for a time. To be sure if it's the image or not, I'll need to monitor some 15-30 computers newly imaged over 2 weeks or so. The real issue seems to be from everyday users whose services just fail or go missing, but, again, I need to be more thorough in my monitoring before I can pinpoint that.

  • Bryn commented  ·   ·  Flag as inappropriate

    @Daniel - I noticed you are having issues with Sophos services not being installed correctly. Are you using the "Controlled Updates" option and a deployment task/image for deploying sophos?

  • Daniel Murrieta commented  ·   ·  Flag as inappropriate

    1. Add a status column for Tamper Protection Enabled/Disabled in the Devices list.

    2. Add a Enable/Disable Tamper Protection option to the Devices page. You would check as many boxes as necessary and then enable/disable tamper protection for them. This is necessary for mass reinstalls where Sophos is missing services or other.

    3. Add a timed option for when Tamper Protection will automatically come back on. This could be a pop-up that shows after clicking disable which would then ask how many hours/days it should be disabled, or if it should be disable indefinitely. This will add administrative security as it's easy to forget re-enabling.

    USE CASE: We need to reinstall Sophos to a large amount of computers currently missing services or having other issues. While we've found a way to push out a mass reinstall, we still have the task of going to each computer in Sophos Central, disabling the Tamper Protection, and then revisiting those computers later to re-enable Tamper Protection. I've noticed that there is a way to remove Tamper Protection for all computers in Global Settings, but that isn't ideal and presents an unnecessary security risk for every other unaffected computer.

  • Marek Adamczyk commented  ·   ·  Flag as inappropriate

    +1
    as techs at times forget to reenable it back and have to trace their tickets to find machines which they worked on to enable it back.

1 3 5

Sophos Central: Endpoint Protection

Categories

Feedback and Knowledge Base

(thinking…)
icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.