Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 4 replies
  • Subscribers 14 subscribers
  • Views 1699 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Getting extral line from SIEM API Integration logs

Logicalis SOC

we have integrated Sophos with IBM QRadar siem  via SIEM API Script and We are receiving  logs to IBM Qradar but unable to parse the date due to  getting extra line in the log. IBM Qradar does not support Sophos central  but we can do customer parsing to parse the data. While we do custom parsing we are getting extra line in the single log from API script so unable to parse data due to this line. please help us  how can we remove extra line from the log.



This thread was automatically locked due to age.
Parents Reply
  • 0 in reply to GlennSen
    Hi There,
    As per our internal teams' response to this query
    For Legacy, we provide support for siem.py only. The siem API is deprecated - I would suggest you move to central API where we’re doing active development. 
    Glenn ArchieSeñas (GlennSen)
    Global Community Support Engineer

    The New Home of Sophos Support Videos!  Visit Sophos Techvids
Children
Unfiltered HTML