Integrate Sophos via Scripted Actions
Using Scripted Actions, it is possible to integrate Sophos Central endpoint protection into Nerdio Manager, allowing Nerdio Manager to manage the installation/removal of endpoint protection for your session hosts.
The default Nerdio-provided windows scripted action Install Sophos Server Endpoint Protection Agent can be used to install the Sophos endpoint. However, before use, secure variables must be defined within Nerdio Manager that are specific to your Sophos environment. The following steps guide you through the process for obtaining the necessary secrets from your Sophos environment and entering them into Nerdio Manager.
Determine your Sophos Central Environment Setup
Sophos Environments fall under the following types: Partner, Organization, and Tenant. See this article for details.
For the purposes of Nerdio Manager, we need to know which one you are. You can quickly determine your type by looking at the word present in the Sophos Central menu at the top left.
Admin = Tenant Portal
Enterprise = Organization Portal
Partner = Partner Portal
If you are in the Partner Portal or Organization Portal, you need to perform the following steps to get the Tenant ID and APIHost. Otherwise, you can skip to Retrieve the Client ID and Client Secret.
Get the Tenant ID and APIHost (Partners and Organizations Only)
Visit the documentation page corresponding to your portal: Partner or Organization.
Follow the first steps in the appropriate guide to get your Client ID and Client Secret.
On your local computer, open PowerShell ISE.
Copy the following script.
$ClientID= 'XXXXXXXXXXXXXXXXXX'
$ClientSecret= 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'
$AuthBody = @{
grant_type = "client_credentials"
client_id = $ClientID
client_secret = $ClientSecret
scope = "token"
}
Write-Output "INFO: Retrieving Auth Info using Client Secrets"
$AuthResponse = (Invoke-RestMethod -Method 'post' -Uri 'https://id.sophos.com/api/v2/oauth2/token' -Body $AuthBody)
$AuthToken = $AuthResponse.access_token
$AuthHeaders = @{Authorization = "Bearer $AuthToken"}
$WhoAmIResponse = (Invoke-RestMethod -Method 'get' -headers $AuthHeaders -Uri 'https://api.central.sophos.com/whoami/v1')
$ID = $WhoAmIResponse.Id
if($WhoAmIResponse.idType -eq 'partner'){
$PartnerHeaders =@{
Authorization = "Bearer $AuthToken"
'X-Partner-ID' = $ID}
(Invoke-RestMethod -method 'get' -headers $PartnerHeaders -uri 'https://api.central.sophos.com/partner/v1/tenants?pageTotal=true').items
}
else{
$OrgHeaders =@{
Authorization = "Bearer $AuthToken"
'X-Organization-ID' = $ID}
Invoke-RestMethod -method 'get' -headers $OrgHeaders -uri 'https://api.central.sophos.com/partner/v1/tenants?pageTotal=true'
}
Replace the $ClientID and $ClientSecret variables and run the script.
You should receive a list of tenants detailing Names, IDs, and APIHosts. Each tenant looks something like this. The Tenant ID is the top "id" for each returned result and APIHost is simply under "apiHost.":
Retrieve the Client ID and Client Secret
Follow this guide to retrieve the Client ID and Client Secret.
Note: Be sure to note the Client Secret and Client ID provided. In addition, be careful where these are stored.
Configure and Use the Installation Script in Nerdio Manager
In Nerdio Manager, you must create the following Global Secure Variables for the Sophos Server Endpoint Protection Agent installation and removal scripts:
Note: See Scripted Actions Global Secure Variables for details about creating Global Secure Variables.
Client ID: sophosclientid
Client Secret: sophosclientsecret
Tenant ID: sophostenantid (For Partner or Organizations installs only)
API Host: sophosapihost (For Partner or Organizations installs only)
Note: Once you create the variables, the installation and removal scripts are ready to use. It is recommended that you test on a validation/development session host before deployment.
Locate the Host Pool you wish to install the Sophos Server Endpoint Protection Agent on.
From the action menu, select Properties > VM Deployment.
Toggle on Run Scripted actions when host VM is CREATED.
From the drop-down list, select the installation script.
Toggle on Run Scripted actions when host VM is REMOVED.
From the drop-down list, select the removal script.
Select Save & close.
The scripted actions automatically installs/removes the Sophos Server Endpoint Protection Agent on session hosts VMs in the host pool.
Comments (0 comments)