New to Sophos Intercept X.
I used this to get event log details in sample.log files:
github.com/.../Sophos-Central-SIEM-Integration
How can I connect Wazuh SIEM to Sophos?
This script writes the log file into the script's log folder, so how will syslog connect to the SIEM machine?
```ini
token_info = <api url>
# Client ID and Client Secret for Partners, Organizations and Tenants
# <Copy Client ID and Client Secret from Sophos Central here>
client_id =
client_secret =
# Customer tenant Id
tenant_id =
# Host URL for OAuth token
auth_url = id.sophos.com/.../token
# whoami API host URL
api_host = api.central.sophos.com
# format can be json, cef or keyvalue
format = cef
# filename can be syslog, stdout, any custom filename
filename = result.log
# endpoint can be event, alert or all
endpoint = all
# syslog properties
# for remote address use <remoteServerIp>:<port>, for e.g. 192.1.2.3:514
# for linux local systems use /dev/log
# for MAC OSX use /var/run/syslog
address = /var/log/
facility = daemon
socktype = udp
# cache file full or relative path (with a ".json" extension)
state_file_path = state/siem_sophos.json
```
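The posted config explains why nothing reaches the SIEM: `filename = result.log` sends events to a local file, so the syslog settings are never used, and `address = /var/log/` is a directory rather than the `<remoteServerIp>:<port>` form or a local socket the comments describe. The checker below is an added example (not code from the original post or from the Sophos-Central-SIEM-Integration project); it assumes only the keys shown in the posted config, the sample text is constructed to mirror that config, and `192.0.2.10` is a placeholder for the Wazuh server address.

```python
"""Check a Sophos Central SIEM-integration style config for syslog forwarding.

Added example; not part of the original post or the Sophos project. Assumes
the key names shown in the post (filename, address, socktype). The sample
below is constructed to mirror the posted config.
"""
import configparser
import re

# Constructed sample: output goes to a local file and the syslog address
# points at a directory, so no event ever leaves this host.
SAMPLE_CONFIG = """\
format = cef
filename = result.log
endpoint = all
address = /var/log/
facility = daemon
socktype = udp
"""

LOCAL_SOCKETS = ("/dev/log", "/var/run/syslog")
HOST_PORT = re.compile(r"^(?P<host>[^:\s]+):(?P<port>\d{1,5})$")


def parse_config(text):
    """Parse a section-less key=value config by prepending a dummy section."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string("[siem]\n" + text)
    return dict(cp["siem"])


def check_syslog_forwarding(cfg):
    """Return a list of findings explaining why events would not reach a remote SIEM."""
    findings = []
    filename = cfg.get("filename", "")
    address = cfg.get("address", "")
    socktype = cfg.get("socktype", "")

    # With any filename other than "syslog" the script writes to a file and
    # ignores the syslog settings entirely.
    if filename.lower() != "syslog":
        findings.append(
            f"filename={filename!r}: events are written to a local file; "
            "set filename = syslog so the syslog settings are used"
        )

    m = HOST_PORT.match(address)
    if m:
        port = int(m.group("port"))
        if not 1 <= port <= 65535:
            findings.append(f"address={address!r}: port {port} is out of range")
    elif address in LOCAL_SOCKETS:
        # Valid, but events stay on this host unless the local syslog daemon
        # is itself configured to relay them to the SIEM.
        findings.append(
            f"address={address!r}: local syslog socket; the local daemon must "
            "forward to the SIEM"
        )
    else:
        findings.append(
            f"address={address!r}: expected <remoteServerIp>:<port> or one of "
            f"{', '.join(LOCAL_SOCKETS)}"
        )

    # The post shows udp; tcp is assumed here to be the other accepted value.
    if socktype.lower() not in ("udp", "tcp"):
        findings.append(f"socktype={socktype!r}: expected udp or tcp")
    return findings


def forward_to_siem(cfg, siem_host, port=514, socktype="udp"):
    """Return a copy of cfg rewritten to send events straight to a remote SIEM."""
    fixed = dict(cfg)
    fixed["filename"] = "syslog"
    fixed["address"] = f"{siem_host}:{port}"
    fixed["socktype"] = socktype
    return fixed


def render(cfg):
    """Render a config dict back to key = value lines."""
    return "\n".join(f"{k} = {v}" for k, v in cfg.items()) + "\n"


if __name__ == "__main__":
    cfg = parse_config(SAMPLE_CONFIG)
    for finding in check_syslog_forwarding(cfg):
        print("finding:", finding)
    # 192.0.2.10 is a placeholder for the Wazuh server address.
    print(render(forward_to_siem(cfg, "192.0.2.10", 514)))
```

Run it against the real config.ini contents instead of `SAMPLE_CONFIG` to see which of the two problems applies; once `filename = syslog` and `address = <wazuh-ip>:514` are set, the script emits directly to the port the Wazuh manager or agent is listening on, and `socktype` must match the transport configured on that side.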