Improved device list views
Including the ability to add/remove columns and filter results.
For example, add a column about tamper protection, and have the ability to filter for only devices with it disabled. Or to add a column about Intercept X software version and filter for certain version(s).
This would apply to Endpoint and Server views.
We intend to make this functionality available via APIs as well.
The APIs are now available, please see https://developer.sophos.com/ for more details.
For example, retrieving tamper protection status is available this way: https://developer.sophos.com/docs/endpoint-and-server/1/routes/endpoints/%7BendpointId%7D/tamper-protection/get
I appreciate many people simply want the admin UI to offer the functionality rather than just APIs, and we will update it to allow column addition/removal and filtering on any column. However, this is likely to not be until around August as the development team have been reassigned to assist another project for a few months. Sorry for the wait, I would very much like this to be available earlier.
I’ll leave this item open and “started” until the admin UI changes are released, but please do be aware of the API option in the meantime.
This would be really helpful
Paul Orr commented
Disappointed this isn't at least a report.
Grant Phillipson commented
I agree this should be a feature, just now it is too time consuming having to go into every device to check its tamper protection status. we should be able to run a report or have an extra column on one of the existing reports. also maybe place an alert if tamper protection is turned off.
Tamper protection status as a column
Stefan Bettighofer commented
We have to Reinstall ower PCs with disabled TP. Else the HitmanPro Alert Service Fails to install from time to time.
Its possible that we forget to aktivate the TP after the reinstallation of the Client.
+1 from me too.
Yes, need to be able to schedule reports and send them via email, like the on-premise Sophos Enterprise Console lets us do. This is critical from an auditors, regulators perspective.
Michael M commented
Hi, This would allow us to better managed our Customer endpoints. Knowing the component versions allow's us to determine if a device isn't receiving an update for some reason or if a device has installed a hotfix yet.
I'd recommend listing out what's in Installed Component under the Sophos Endpoint Self Help tool
Stephen Hogan (Progress Systems Limited) commented
It would not only be nice to have this to run manually, but also to schedule it into an email digest of sorts.
Mike Bailey commented
This also needs to be audited within the system that the event occurred. There needs to be a paper trail to document the fact that Tamper Protection was offline for a period of time.
FIND System with Tamper PROTECTION Disabled
We have multiple Admins on Central and Sometime during T/S the Tamper Protection is TURNED OFF for few systems. However if the ADMIN does not roll back its a RISK.
Need an AUDIT LOG REPORT for Systems with Tamper protection TURNED OFF
Zeb Smith commented
In this day and age of DevOps and Automation, the lack of an external API to perform at basic functions (at a minimum) is a huge shortcoming.
We should, at the very least, be able to easily query information about devices registered in Central, get a list of active alerts, etc. via a web service.
Email alerts on a fleet of many thousands of devices are simply not manageable.
David Veatch - Super Admin commented
I just found a relatively easy way to identify the machines that have Tamper Protection disabled - though it's not without its inconveniences.
Logs & Reports/Audit Logs
Tamper Protection changes are recorded here the Description column as "Update computer tamper protection"
Export as CSV is available, making it relatively easy to narrow it down to just those entries.
would add a schedule and send report via email
I totally agree with this, it's very hard to see on a large network which machines need a reboot, also whereas the console says "Reboot Recommended" the individual machines state "Reboot Needed" which is very different.
Tom Stacey commented
Endpoint and Server as well please. It would be a nightmare if i had to check all 2000 devices individually.
I want it too
FFUN Support commented
I have a feature request which I believe would be useful, especially to businesses that have multiple people managing Sophos. This is something that I believe is valuable in keeping things secure as I know there are people out there who do not follow up and put things back to normal. My Feature Request is:
- When looking at the list of all computers, in the drop down, there should be a filter for "List all devices with Tamper Proof Disabled"
Currently I have to check each PC in the list 1 by 1 to see if someone left Tamper Proof Disabled.
We really need this feature please, whether in drop down or a new column would be so MUCH more enterprise friendly than nothing. I tried the suggested Event report, but it was not accurate compared to current state. I had to run the Audit Logs -> Export which only told me that Tamper was changed and not whether enabled or disabled, so still had to touch a bunch of servers we had been troubleshooting.
I also agree that this would be very helpful. I have had a few instances where I have needed to disable Tamper Protection on an Endpoint, and then a while later (days or weeks) realized that I had forgotten to re-enable it.