
Sophos Central MCP Server

by rijul170

Server Configuration

Describes the environment variables required to run the server.

| Name | Required | Description | Default |
| --- | --- | --- | --- |
| MCP_HOST | No | Bind host for HTTP transports (default: 127.0.0.1) | 127.0.0.1 |
| MCP_PORT | No | Port for HTTP transports (default: 3001) | 3001 |
| MCP_TRANSPORT | No | Transport mode: stdio, sse, or streamable-http (default: stdio) | stdio |
| SOPHOS_CLIENT_ID | Yes | Partner Super Admin Client ID from Sophos Central | |
| SOPHOS_CLIENT_SECRET | Yes | Corresponding client secret | |

Capabilities

Features and capabilities supported by this server

| Capability | Details |
| --- | --- |
| tools | {"listChanged": true} |

Tools

Functions exposed to the LLM to take actions

Name | Description
sophos_authenticate A

Authenticate to Sophos Central using OAuth2 client credentials and obtain a JWT access token. The token is managed automatically and refreshed as needed. Call this first to verify credentials are working. Returns success status and authentication state.

sophos_whoami A

Call GET /whoami/v1 to discover the authenticated entity's identity. Returns idType ('partner', 'organization', or 'tenant'), the entity's UUID (id), and regional API hosts (global and dataRegion). Use this to determine which account type is connected and which regional API base URL to use for tenant-scoped calls.

sophos_list_tenants A

List all tenants managed by this Sophos Central Partner account. Returns tenant ID, name, data region, billing type, and regional API host for each tenant.

sophos_get_tenant A

Get details for a specific managed tenant by ID, including its regional API host.

sophos_create_tenant B

Create a new tenant under this Sophos Central Partner account. Requires tenant name, data geography, billing type, and primary contact details.

sophos_delete_tenant A

Delete a tenant managed by this partner. WARNING: This is a destructive, irreversible operation. Confirm the tenant ID carefully before calling this tool.

sophos_list_admins B

List all partner-level administrators for this Sophos Central Partner account.

sophos_create_admin A

Create a new partner-level administrator. The admin will receive an invitation email.

sophos_get_partner_admin B

Get details for a specific partner-level administrator.

sophos_delete_partner_admin C

Delete a partner-level administrator.

sophos_list_roles A

List all available partner-level roles that can be assigned to administrators.

sophos_get_partner_role A

Get details for a specific partner role.

sophos_create_partner_role A

Create a new partner-level role with the specified name and permission sets.

sophos_update_partner_role B

Update a partner role's name or description.

sophos_delete_partner_role C

Delete a partner role.

sophos_list_permission_sets A

List all available permission sets that can be used when creating partner roles.

sophos_list_role_assignments B

List all admins assigned to a specific partner role.

sophos_create_role_assignment C

Assign a partner role to an admin (principal).

sophos_delete_role_assignment C

Remove a role assignment from a partner admin (principal).

sophos_list_tenant_admins A

List all administrators for a specific managed tenant using the partner-level endpoint. For tenant-scoped admin management (common/v1), use the tenant admin tools instead.

sophos_create_tenant_admin B

Create an administrator for a specific managed tenant using the partner-level endpoint. The admin will receive an invitation email.

sophos_get_billing_usage B

Get billing usage data for a specific month. Shows per-tenant, per-product usage quantities.

sophos_list_partner_admin_role_assignments B

List role assignments for a specific partner admin (shows which roles this admin holds).

sophos_create_partner_admin_role_assignment B

Assign a role to a partner admin (add a role to an admin's existing role set).

sophos_delete_partner_admin_role_assignment C

Remove a specific role assignment from a partner admin.

sophos_org_list_tenants A

List tenants under this Sophos Central Organization account. Use this when your identity type is 'organization' rather than 'partner'. Supports pagination via page_key.

sophos_org_get_tenant B

Get details for a specific tenant under this Sophos Central Organization account.

sophos_list_account_access_tokens A

List all account-level access tokens for a tenant. These tokens are used to authenticate downloads of Sophos products such as Sophos Linux Sensor. Returns token metadata (ID, label, type, expiry) but NOT the actual token secret.

sophos_create_account_access_token A

Create a new account-level access token for a tenant. Currently supported token type: 'sophosLinuxSensor' — used to authenticate downloads of the Sophos Linux Sensor package. The token secret is returned only on creation; store it securely as it cannot be retrieved again.

sophos_update_account_access_token A

Update an existing account-level access token. Supports updating the token's label and/or expiry date. At least one of label or expires_at must be provided.

sophos_revoke_account_access_token A

Permanently revoke (delete) an account-level access token. Revoking a token immediately invalidates it — any software using it for package downloads will stop working. This action is irreversible.

sophos_get_licenses A

Get all product licenses (with current usage) for a Sophos Central tenant. Returns license type, quantity, start/end dates, perpetual flag, and current usage counts.

sophos_get_firewall_licenses A

Get firewalls and their licenses for a Sophos Central tenant or partner. Provide either tenant_id (for tenant context) or partner_id (for partner context), but not both.

sophos_list_quotes A

List distributor quotes from the Sophos Business Automation API. Only approved quotes are returned. Requires a Distributor ID.

sophos_get_quote B

Get full details for a specific Sophos Business Automation quote by proposal number.

sophos_get_partner_level B

Return partner level information for a distributor's partners. Filters by billing sub-region and optionally by name, update date, or EDI number.

sophos_list_endpoints B

List endpoints in a Sophos Central tenant with optional filtering by type, health status, tamper protection, hostname, or free-text search. Returns paginated results.

sophos_get_endpoint A

Get detailed information about a specific endpoint by its ID, including health, OS, network, assigned products, and isolation status.

sophos_isolate_endpoint A

Isolate an endpoint from the network. The endpoint will only be able to communicate with Sophos Central. Use this for incident response to contain a compromised machine.

sophos_deisolate_endpoint A

Remove network isolation from an endpoint, restoring normal network connectivity.

sophos_get_isolation_status B

Get the current isolation status of an endpoint.

sophos_get_tamper_protection A

Get the tamper protection status and password for an endpoint. Tamper protection prevents unauthorized changes to Sophos agent settings.

sophos_set_tamper_protection A

Enable or disable tamper protection on an endpoint. When enabled, Sophos agent settings cannot be changed without the tamper protection password. Optionally regenerate the password.

sophos_delete_endpoint A

Delete (deregister) an endpoint from Sophos Central. This removes the endpoint record but does not uninstall the agent. Use with caution.

sophos_bulk_delete_endpoints A

Delete (deregister) multiple endpoints from Sophos Central in a single call. Accepts up to 100 endpoint UUIDs.

sophos_scan_endpoint B

Trigger an on-demand scan on an endpoint. The scan runs asynchronously; this call initiates it.

sophos_force_update_check B

Force an endpoint to check for and apply software updates from Sophos Central immediately.

sophos_request_forensic_logs A

Request forensic log collection from an endpoint for investigation. Returns a forensicLogRequestId to poll for status.

sophos_get_forensic_log_status A

Get the status of a forensic log collection request previously initiated with sophos_request_forensic_logs.

sophos_request_memory_dump A

Request a memory dump from an endpoint for forensic investigation. Requires specifying the dump mode and expiry time. Returns a memoryDumpRequestId to poll for status.

sophos_get_memory_dump_status A

Get the status of a memory dump request previously initiated with sophos_request_memory_dump.

sophos_get_adaptive_attack_protection A

Get Adaptive Attack Protection (AAP) settings for an endpoint. AAP temporarily increases protection during active attacks.

sophos_update_adaptive_attack_protection A

Enable or disable Adaptive Attack Protection (AAP) on an endpoint. When enabled with an expiry duration, AAP automatically disables after that period.

sophos_bulk_isolate_endpoints A

Isolate or deisolate multiple endpoints at once via POST /endpoints/isolation.

sophos_list_peripherals B

List peripheral devices detected by peripheral control across the tenant.

sophos_get_peripheral B

Get details for a specific peripheral device.

sophos_list_endpoint_migrations A

List endpoint migration jobs for a tenant. Shows status of endpoint migrations between Sophos Central tenants.

sophos_start_migration A

Start an endpoint migration job on the sending tenant. Generates a migration job token that the receiving tenant uses to accept the migration via sophos_accept_migration.

sophos_get_migration_job A

Get the status and details of a specific endpoint migration job.

sophos_accept_migration B

Accept an endpoint migration job on the receiving tenant using the job token generated by the sending tenant. This completes the migration transfer.

sophos_list_migration_endpoints A

List the endpoints included in a specific endpoint migration job and their migration status.

sophos_get_installer_downloads B

Get available Sophos agent installer download links for specified products and platforms.

sophos_list_endpoint_groups A

List all endpoint groups in a tenant. Groups are used to organize endpoints for policy assignment and management.

sophos_get_endpoint_group A

Get details of a specific endpoint group, including its name, description, type, and endpoint count.

sophos_create_endpoint_group B

Create a new endpoint group in a tenant. Groups organize endpoints by type (computer or server) and can be used for targeted policy assignment.

sophos_update_endpoint_group B

Update the name and/or description of an existing endpoint group.

sophos_add_endpoints_to_group A

Add one or more endpoints to an endpoint group. The endpoints will inherit any policies assigned to the group.

sophos_delete_endpoint_group B

Delete an endpoint group. Endpoints in the group will not be deleted.

sophos_list_group_endpoints A

List all endpoints that are members of a specific endpoint group.

sophos_remove_endpoints_from_group A

Remove one or more endpoints from an endpoint group. The endpoints themselves are not deleted.

sophos_list_policies A

List endpoint policies in a tenant. Optionally filter by policy type. Supported types: threat-protection, web-control, application-control, peripheral-control, data-collection-and-investigation, device-encryption, server-threat-protection, server-peripheral-control, server-application-control, server-lockdown.

sophos_get_policy A

Get detailed information about a specific endpoint policy, including its settings, priority, and which endpoints it applies to.

sophos_create_policy B

Create a new endpoint policy. Specify the policy type, name, and optionally priority, enabled state, and settings as a JSON string.

sophos_update_policy A

Update an existing endpoint policy. You can modify its name, enabled state, priority, and/or settings.

sophos_delete_policy A

Delete an endpoint policy from a tenant. Endpoints previously governed by this policy will fall back to the base policy. Use with caution.

sophos_clone_policy A

Clone an existing endpoint policy. Creates a copy with a new name, inheriting all settings from the source policy.

sophos_list_policy_endpoints B

List the endpoints or endpoint groups governed by a specific policy.

sophos_list_mobile_devices A

List mobile devices enrolled in Sophos Mobile for a tenant. Supports filtering by platform, management type, compliance status, health state, ownership, device groups, and date ranges. Returns paginated results.

sophos_get_mobile_device A

Get full details for a specific mobile device by its ID, including compliance status, installed apps, platform, and assigned policies.

sophos_create_mobile_device B

Register a new mobile device in Sophos Mobile MDM. Requires device name, ownership type (corporate/employee), and platform (iOS, macOS, android, chrome, windows).

sophos_update_mobile_device A

Update a mobile device's attributes (name, ownership type, group assignment, etc.). This is a full PUT replacement of the device record — all required fields must be supplied.

sophos_delete_mobile_device B

Remove a mobile device from Sophos Mobile MDM enrollment.

sophos_list_mobile_device_violations A

List compliance violations for a specific mobile device.

sophos_list_mobile_device_apps B

List applications installed on a specific mobile device.

sophos_get_mobile_device_location B

Get the last known GPS location for a specific mobile device.

sophos_list_mobile_device_policies B

List MDM policies assigned to a specific mobile device.

sophos_list_mobile_device_properties C

List custom device properties for a specific mobile device.

sophos_create_mobile_device_property B

Add a custom property (key/value pair) to a mobile device. The key must follow the pattern 'custom.'.

sophos_update_mobile_device_property B

Update the value of an existing custom device property identified by its key.

sophos_delete_mobile_device_property B

Delete a custom property from a mobile device by its key.

sophos_list_mobile_device_scan_results B

List IXM (Intercept X for Mobile) scan results for a specific mobile device.

sophos_list_mobile_device_groups B

List mobile device groups in a Sophos Mobile tenant.

sophos_get_mobile_device_group B

Get details for a specific mobile device group by its ID.

sophos_create_mobile_device_group B

Create a new mobile device group in Sophos Mobile. Requires name and compliance policy IDs for both employee- and corporate-owned devices.

sophos_update_mobile_device_group A

Update a mobile device group. This is a full PUT replacement — all required fields must be provided.

sophos_delete_mobile_device_group C

Delete a mobile device group from Sophos Mobile.

sophos_list_mobile_actions B

List MDM actions (sync, scan, lock, wipe, etc.) for a tenant with filtering by type, state, endpoint IDs, and date ranges.

sophos_get_mobile_action B

Get details for a specific MDM action by its ID.

sophos_delete_mobile_action A

Delete a pending MDM action (cancel it before execution).

sophos_mobile_action_sync A

Trigger a sync action on up to 50 mobile devices — forces devices to check in with Sophos Mobile and apply pending policies.

Prompts

Interactive templates invoked by user choice

Name | Description

No prompts

Resources

Contextual data attached and managed by the client

Name | Description

No resources

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/rijul170/sophos-central-mcp'
