Hello
Could someone provide me with a log of the Sophos Antivirus? Thanks in advance
If I had to pick one log outside of the APIs, Windows App Event log, it would be "C:\ProgramData\Sophos\Endpoint Defense\Logs\ssp.log". It does have HMPA detections as well, e.g.
A Process with path C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe detected as PrivGuard
Eicar example:
A File C:\temp\eicar.txt belongs to virus/spyware 'EICAR-AV-Test' (Technical support reference: c7587ff519feda6ee503ab2bb6b72047bef50c5b0e62f812c1c10aa540130904)
Excuse my insistence, but I can't solve my problem; I can't get the log I'm looking for, so I want to explain myself again. I do not have Sophos installed. I am only looking for a log with Sophos antivirus integration for SIEM, which, if I am not mistaken, is Sophos Intercept X. Do they not have any log of this type that they can provide me, or at least some description of the fields of the antivirus logs? Thank you
The logs aren’t a supported or documented interface into the operation of the product. The official interface is the Sophos Central APIs to retrieve such data in a structured way.
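For anyone building a SIEM parser from the two ssp.log messages quoted earlier in this thread, the following is an added example, not part of the original posts and not Sophos code. The field names (`kind`, `path`, `threat`, `reference`) and both patterns are assumptions inferred only from those two sample lines; since the file is undocumented, other message shapes are simply skipped.

```python
import re

# Patterns inferred ONLY from the two messages quoted in this thread.
# ssp.log is undocumented, so any other message shape is ignored here.
FILE_DETECTION = re.compile(
    r"A File (?P<path>.+?) belongs to virus/spyware '(?P<threat>[^']+)'"
    r"(?: \(Technical support reference: (?P<reference>[0-9a-f]+)\))?"
)
PROCESS_DETECTION = re.compile(
    r"A Process with path (?P<path>.+?) detected as (?P<threat>\S+)"
)

PATTERNS = (("file", FILE_DETECTION), ("process", PROCESS_DETECTION))


def parse_detection(line):
    """Return a normalised event dict for a recognised message, else None."""
    for kind, pattern in PATTERNS:
        # search() rather than match(): real lines may carry a prefix
        # (timestamp, level) that the thread does not show.
        m = pattern.search(line)
        if m:
            event = {"kind": kind, **m.groupdict()}
            event.setdefault("reference", None)  # process lines have none
            return event
    return None


def parse_log(lines):
    """Parse an iterable of log lines, dropping unrecognised ones."""
    return [e for e in map(parse_detection, lines) if e is not None]


# First two lines are the messages quoted in the thread; the third is a
# constructed non-detection line to show that unknown shapes are skipped.
SAMPLE = [
    r"A Process with path C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe detected as PrivGuard",
    r"A File C:\temp\eicar.txt belongs to virus/spyware 'EICAR-AV-Test' "
    r"(Technical support reference: c7587ff519feda6ee503ab2bb6b72047bef50c5b0e62f812c1c10aa540130904)",
    "constructed line: service started",
]

if __name__ == "__main__":
    for event in parse_log(SAMPLE):
        print(event)
```
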