This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Help getting Enterprise Console 5.5.2 data into SIEM

We recently deployed a SIEM solution and I'm having issues getting our Sophos data to import into the SIEM service. 

I have added the SIEM's network login account as a member of the Sophos DB Admins group on the Sophos server in an attempt to give it direct access to the database without any luck.  Sophos's documentation states I need to use Reporting Interface and/or Log Writer, but I cannot find an actual how-to on downloading, installing, or setting up either of those services.

I can only find this link for Reporting Interface (https://www.sophos.com/en-us/support/documentation/reporting-interface.aspx#), but neither document tells HOW to set it up.  I tried to follow the Log Writer help document (https://www.sophos.com/en-us/support/documentation/reporting-log-writer.aspx), but it appears to be outdated or not relevant to me because I cannot find the "Console downloads" section it refers to.

Any guidance would be greatly appreciated.



This thread was automatically locked due to age.
Parents Reply
  • Hello Andrew LaFavers,

    it's the SOPHOS552 database.

    As for what you see - the LogWriter is in the same place as SEC, if you click Endpoint and Server Protection it should your license and Download and Updates on the left. LogWriter is under Console directly below SEC.

    Christian

Children