In addition to the automation aspect of deleting devices, we also need to do some auditing and perhaps include some scenarios to enforce manual intervention before deletion can be authorized. Using a SOAR platform will allow you to pass each event through a flow process to determine what should happen to the device.

By checking the data you have from your SIEM against live Sophos Central Endpoint API data, you can make a final validation that the device is indeed inactive and can be deleted.

We now have several systems identified in the data which could be deleted from Sophos Central. The best method is comparing the OS build of the device against the data from Sophos Central. There could be a situation where the hostname and domain match a system in the inventory but the OS build does not match. In this instance, the device should have a flag set for manual intervention to avoid errors.
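The validation flow described above can be sketched as a single triage step. This is an added example, not code from the original post or from Sophos. The record field names (`hostname`, `domain`, `os_build`, `last_seen`), the 90-day inactivity threshold and the sample records are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

INACTIVE_AFTER = timedelta(days=90)  # assumed threshold; the page does not give one

def key(rec):
    # Match on hostname and domain, case-insensitively.
    return (rec["hostname"].lower(), rec["domain"].lower())

def triage(siem_candidates, central_endpoints, now):
    """Map each SIEM candidate to (decision, reason) for the audit trail."""
    live = {}
    for ep in central_endpoints:
        live.setdefault(key(ep), []).append(ep)
    decisions = {}
    for cand in siem_candidates:
        matches = live.get(key(cand), [])
        if not matches:
            result = ("skip", "no matching device in live data")
        elif len(matches) > 1:
            result = ("manual", "more than one live device with this name")
        elif matches[0]["os_build"] != cand["os_build"]:
            # Same hostname and domain but a different OS build: possibly a
            # rebuilt or different machine, so a person has to decide.
            result = ("manual", "OS build mismatch")
        elif now - datetime.fromisoformat(matches[0]["last_seen"]) < INACTIVE_AFTER:
            result = ("keep", "seen recently in live data")
        else:
            result = ("delete", "inactive and OS build matches")
        decisions[key(cand)] = result
    return decisions

# Constructed sample records (not real devices).
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SIEM = [
    {"hostname": "WS-001", "domain": "corp.example", "os_build": "19045"},
    {"hostname": "WS-002", "domain": "corp.example", "os_build": "19044"},
    {"hostname": "WS-003", "domain": "corp.example", "os_build": "22631"},
]
CENTRAL = [
    {"hostname": "ws-001", "domain": "corp.example", "os_build": "19045",
     "last_seen": "2024-01-10T08:00:00+00:00"},
    {"hostname": "ws-002", "domain": "corp.example", "os_build": "22631",
     "last_seen": "2024-01-12T08:00:00+00:00"},
    {"hostname": "ws-003", "domain": "corp.example", "os_build": "22631",
     "last_seen": "2024-05-30T08:00:00+00:00"},
]

if __name__ == "__main__":
    for device, (decision, reason) in triage(SIEM, CENTRAL, NOW).items():
        print(device, decision, reason)
```

Only a `delete` decision should feed the automated deletion step; `manual` decisions go to an analyst queue, and every decision and reason is written to the audit log.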