Hi everyone,
I'm currently working on automating the deployment of Sophos Central Agent policies using Python. My goal is to create policies and add integrations programmatically. However, I'm facing challenges with the structure of the API request for adding Sophos central policies integration.
Issue: The API expects a complex structure of parameters, and despite multiple attempts with various structures, I consistently encounter errors. The primary issue seems to revolve around the `inputs` parameter and the formatting of the `client_id` within the `config` object.
Attempts: I've tried different configurations for the request body, especially changing the format of `inputs` between an object and an array, and ensuring that `client_id` is a string. Despite these efforts, I keep running into the following error:
```
{
  "statusCode": 400,
  "error": "Bad Request",
  "message": "[request body]: types that failed validation:
- [request body.0.inputs.0.config.client_id]: could not parse object value from json input
- [request body.1.inputs]: expected value of type [object] but got [Array]"
}
```
Request Structure: Here's an outline of my current request structure:
```python
data = {
    "name": "poc_sophos",
    "policy_id": policy_id,
    "package": {
        "name": "sophos_central",
        "version": "1.13.0"
    },
    "namespace": "sophos_poc",
    "inputs": [{
        "type": "sophos_central-httpjson",
        "enabled": True,
        "config": {
            "client_id": str(client_id),
            "client_secret": str(client_secret),
            "tenant_id": str(tenant_id),
            "request_url": str(request_url),
            "token_url": str(token_url),
            "proxy_url": None,
            "ssl": None
        },
        "streams": [
            {
                "id": "sophos_central.alert",
                "enabled": True,
                "data": {
                    "http_client_timeout": "3000",
                    "interval": "60",
                    "initial_interval": "60",
                    "batch_size": 100,
                    "preserve_original_event": True,
                    "preserve_duplicate_custom_fields": True,
                    "tags": ["tag1", "tag2"]
                }
            },
            {
                "id": "sophos_central.event",
                "enabled": True,
                "data": {
                    "http_client_timeout": "3000",
                    "interval": "60",
                    "initial_interval": "60",
                    "batch_size": 100,
                    "preserve_original_event": True,
                    "preserve_duplicate_custom_fields": True,
                    "tags": ["tag1", "tag2"]
                }
            }
        ]
    }]
}
```
Has anyone successfully automated this process and can share insights on the correct request structure?
Could the issue be due to API version changes or documentation inconsistencies?
Any suggestions for troubleshooting this issue further would be greatly appreciated.
Thank you in advance for your help and suggestions!
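
An added troubleshooting example, not part of the original post: it parses the validation message quoted above and resolves each reported path against the payload that was sent, so each failure shows the type that actually sat at that location. It assumes the number directly after `request body` is the index of the schema alternative the API tried; `explain` and `resolve` are hypothetical helper names, and the message and payload are constructed copies of the ones in the post.

```python
import re

# Constructed copy of the 400 response "message" quoted in the post.
MESSAGE = (
    "[request body]: types that failed validation:\n"
    "- [request body.0.inputs.0.config.client_id]: could not parse object value from json input\n"
    "- [request body.1.inputs]: expected value of type [object] but got [Array]"
)

# Constructed, trimmed payload with the same shape as the post's `data` dict.
PAYLOAD = {
    "name": "poc_sophos",
    "inputs": [{
        "type": "sophos_central-httpjson",
        "config": {"client_id": "example-client-id"},
    }],
}

# Assumption: "request body.<n>.<path>" means alternative <n> failed at <path>.
LINE = re.compile(r"^- \[request body\.(\d+)\.([^\]]+)\]: (.+)$")


def resolve(body, dotted):
    """Walk a dotted path such as 'inputs.0.config.client_id' through the body."""
    node = body
    for part in dotted.split("."):
        node = node[int(part)] if isinstance(node, list) else node[part]
    return node


def explain(message, body):
    """Return one finding per failed alternative: where it failed and what was sent."""
    findings = []
    for line in message.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        alt, path, reason = int(m.group(1)), m.group(2), m.group(3)
        try:
            sent = type(resolve(body, path)).__name__
        except (KeyError, IndexError, ValueError, TypeError):
            sent = "missing"  # path does not exist in the payload as sent
        findings.append({"alternative": alt, "path": path, "reason": reason, "sent": sent})
    return findings


if __name__ == "__main__":
    for f in explain(MESSAGE, PAYLOAD):
        print(f"alternative {f['alternative']}: {f['path']} sent as {f['sent']} -> {f['reason']}")
```

Read this way, the two lines are not two bugs in one schema: each is the first point at which one accepted shape rejected the body, so the request only has to satisfy one of them completely.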