Sophos EDR Live Discover APIs are now generally available

We’re excited to announce that Live Discover APIs are now generally available in the APIs section of our Sophos Central Developer Portal!

Live Discover is a true game-changer for Sophos EDR. With it, organizations are able to live-query incredibly detailed data directly from the endpoints themselves, in real time!

With the new Live Discover APIs, Sophos partners and customers are now able to programmatically leverage queries, making it easier than ever to quickly respond to threats at scale and build a wealth of new functionality into our integrations.

Getting started

Here are a few details to help you get started using these APIs.

First, check out the Getting Started with Live Discover guide, which walks you through the full workflow – from understanding available queries to actually executing the queries, complete with sample cURL requests and JSON responses.

Make sure to reference the Live Discover Methods documentation as well, and get help in our Sophos Central API community if you need it.

Additionally, to support our base of developers, we have released a Postman collection in our public GitHub repository. This collection  contains our full suite of APIs – including the Live Discover APIs – and makes it easier for developers and non-developers alike to…

• Mock API flows
• Request and receive responses from our APIs without the need for detailed coding
• Self-serve the troubleshooting of issues, negating the need to contact Sophos for assistance

We hope you enjoy these powerful new features as much as we enjoyed building them. And if you’re new to Sophos EDR, visit Sophos.com/EDR for more information and to start a free trial.