Hi,
Has anyone integrated Sophos Central with a SIEM recently via syslog? I've been running the script on Ubuntu and I can see events are being populated in result.txt, but I don't see them in the SIEM. I am 100% sure there is connectivity between the SIEM and Ubuntu, since I've sent test messages and they were received by the SIEM. Can anyone comment please? Sophos support is directing me to get professional services for this, and I don't think it is that hard to configure.
# format can be json, cef or keyvalue
format = cef
# filename can be syslog, stdout, any custom filename
filename = result.txt
# endpoint can be event, alert or all
endpoint = all
# syslog properties
# for remote address use <remoteServerIp>:<port>, for e.g. 192.1.2.3:514
# for linux local systems use /dev/log
# for MAC OSX use /var/run/syslog
address = siem_IP:514
facility = daemon
socktype = udp
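Added example, not from the post or from Sophos: a small checker that parses a config.ini like the one above and reports the settings that would keep events out of the SIEM. It assumes, based on the comments in the posted config, that the syslog properties only take effect when filename is syslog (a custom filename writes events to that file instead), and that the section header is [SIEM], which the post does not show.

```python
import configparser
import ipaddress

# Constructed copy of the poster's config; the [SIEM] header is assumed.
SAMPLE_CONFIG = """[SIEM]
format = cef
filename = result.txt
endpoint = all
address = siem_IP:514
facility = daemon
socktype = udp
"""


def check_siem_config(text):
    """Return a list of findings explaining why events may not reach the SIEM."""
    cfg = configparser.ConfigParser()
    cfg.read_string(text)
    opts = cfg[cfg.sections()[0]]
    findings = []

    # Assumption from the config comments: only filename = syslog uses the
    # syslog properties; any other filename writes events to a local file.
    filename = opts.get("filename", "")
    if filename not in ("syslog", "stdout"):
        findings.append(f"filename = {filename}: events are written to that file "
                        "and not forwarded; set filename = syslog")

    if opts.get("format", "") not in ("json", "cef", "keyvalue"):
        findings.append("format must be json, cef or keyvalue")
    if opts.get("endpoint", "") not in ("event", "alert", "all"):
        findings.append("endpoint must be event, alert or all")

    # Remote address must be <remoteServerIp>:<port>; a path means a local socket.
    address = opts.get("address", "")
    if not address.startswith("/"):
        host, sep, port = address.rpartition(":")
        if not sep or not port.isdigit():
            findings.append(f"address = {address}: expected <remoteServerIp>:<port>")
        else:
            try:
                ipaddress.ip_address(host)
            except ValueError:
                findings.append(f"address host '{host}' is not an IP literal; "
                                "replace the placeholder with the SIEM address")
    return findings


if __name__ == "__main__":
    for finding in check_siem_config(SAMPLE_CONFIG):
        print("-", finding)
```

Run it against the real config.ini to get the same report for the actual file.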