Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 1 reply
  • Answers 1 answer
  • Subscribers 13 subscribers
  • Views 3306 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Export XDR / EDR data from Sophos intercept X to SIEM platform

Jeremy Hughes

Hi,

I need to be able to pull the telemetry from Sophos Intercept X into my SIEM. I am currently using the GitHub project linked below to pull alerts into the SIEM, but I need the raw telemetry. Is this possible yet? This is an old thread that was asking for the same - community.sophos.com/.../sending-process-creation-logs-to-siem 

https://github.com/sophos/Sophos-Central-SIEM-Integration

Thanks,

Jeremy



This thread was automatically locked due to age.
  • 0

    Hi Jeremy,

    Thanks for reaching out to the Sophos Community forum. 

    May I ask if you're trying to pull all of the data stored within the Sophos Data Lake, or if you are instead intending to use SIEM as an SOC? 

    It's not currently possible to replicate all of the data within the Sophos Data Lake. Most customers have chosen to run Data Lake and Live Discover queries against devices to then ingest the responses/data into their SIEM solutions. 

    It's also possible to use the XDR API in order to run queries.

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
Unfiltered HTML