Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 13 subscribers
  • Views 9644 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

List of Sophos API event and alert types

Christian Barth

Hi all,

I am looking for a list of event and alert types I can pull from Sophos central using the API. The link in the KB is dead unfortunately. Also, I spent some time searching on google but can't find anything.

Can anybody help out please?

BR,

 

Christian



This thread was automatically locked due to age.
Parents
  • 0

    I do not know how your getting the API or parsing the logs but with my setup these are the events I have seen so far not in any order.

    Event::Task::RenewLicense

    Event::Endpoint::SavDisabled

    Event::Endpoint::Compliant

    Event::Endpoint::Threat::Detected

    Event::Endpoint::UpdateSuccess

    Event::Endpoint::UpdateFailure

    Event::Endpoint::Threat::CleanupFailed

    Event::Endpoint::UpdateRebootRequired

    Event::Endpoint::Application::Allowed

    Event::Endpoint::Application::Blocked

    Event::Endpoint::Device::AlertedOnly

    Event::Endpoint::NonCompliant

    Event::Endpoint::SavEnabled

    Event::Endpoint::SavScanComplete

    Event::Endpoint::Threat::PuaDetected

    Event::Endpoint::Threat::PuaDismissed

    Event::Endpoint::WebControlViolation

    Event::Endpoint::WebFilteringBlocked

    Event::Endpoint::Registered

    Event::Endpoint::UserAutoCreated

    Event::Endpoint::Protected

    Event::Endpoint::UpdateRebootUrgentlyRequired

    Event::Endpoint::OutOfDate

    Event::Endpoint::Reprotected

    Event::Endpoint::ServiceNotRunning

    Event::Endpoint::DownloadReputationUserAuthorised

    Event::ADSync::Success

    Event::ADSync::Error

    Event::Endpoint::NonCompliant

    INTERCEPT-X license I assume

    Event::Endpoint::HmpaCryptoGuardSMB

    Event::Endpoint::HmpaCryptoGuardSMBOrigin

    Event::Endpoint::HmpaCryptoGuardSMBResolved

    Event::Endpoint::HmpaExploitPrevented

  • 0 in reply to B_B

    I'm in the same predicament as you, I'm looking for a conclusive list.

    Only official thing I have found is this: http://docs.sophos.com/sophos-cloud/customer-dashboard/help/en-us/webhelp/concepts/ep_eventtypes.html but it does not seem to line up completely with the endpoint logs coming from central.

    When I have a larger list of types I can post it here as well, we've just started gathering

  • 0 in reply to Koen

    Event::ADSync::Error
    Event::ADSync::Success
    Event::Endpoint::Application::Allowed
    Event::Endpoint::Application::Blocked
    Event::Endpoint::Application::Detected
    Event::Endpoint::Compliant
    Event::Endpoint::Device::AlertedOnly
    Event::Endpoint::DownloadReputationUserAuthorised
    Event::Endpoint::DownloadReputationUserBlocked
    Event::Endpoint::HmpaCryptoGuard
    Event::Endpoint::HmpaCryptoGuardSMB
    Event::Endpoint::HmpaCryptoGuardSMBOrigin
    Event::Endpoint::HmpaCryptoGuardSMBResolved
    Event::Endpoint::HmpaExploitPrevented
    Event::Endpoint::Management::Resumed
    Event::Endpoint::Management::Suspended
    Event::Endpoint::NonCompliant
    Event::Endpoint::OutOfDate
    Event::Endpoint::Protected
    Event::Endpoint::Registered
    Event::Endpoint::Reprotected
    Event::Endpoint::SavDisabled
    Event::Endpoint::SavEnabled
    Event::Endpoint::SavScanComplete
    Event::Endpoint::ServiceNotRunning
    Event::Endpoint::ServiceRestored
    Event::Endpoint::Threat::CleanupFailed
    Event::Endpoint::Threat::Detected
    Event::Endpoint::Threat::PuaCleanedUp
    Event::Endpoint::Threat::PuaDetected
    Event::Endpoint::Threat::PuaDismissed
    Event::Endpoint::UpdateFailure
    Event::Endpoint::UpdateRebootRequired
    Event::Endpoint::UpdateRebootUrgentlyRequired
    Event::Endpoint::UpdateSuccess
    Event::Endpoint::UserAutoCreated
    Event::Endpoint::WebControlViolation
    Event::Endpoint::WebFilteringBlocked
    Event::Task::RenewLicense

Reply
  • 0 in reply to Koen

    Event::ADSync::Error
    Event::ADSync::Success
    Event::Endpoint::Application::Allowed
    Event::Endpoint::Application::Blocked
    Event::Endpoint::Application::Detected
    Event::Endpoint::Compliant
    Event::Endpoint::Device::AlertedOnly
    Event::Endpoint::DownloadReputationUserAuthorised
    Event::Endpoint::DownloadReputationUserBlocked
    Event::Endpoint::HmpaCryptoGuard
    Event::Endpoint::HmpaCryptoGuardSMB
    Event::Endpoint::HmpaCryptoGuardSMBOrigin
    Event::Endpoint::HmpaCryptoGuardSMBResolved
    Event::Endpoint::HmpaExploitPrevented
    Event::Endpoint::Management::Resumed
    Event::Endpoint::Management::Suspended
    Event::Endpoint::NonCompliant
    Event::Endpoint::OutOfDate
    Event::Endpoint::Protected
    Event::Endpoint::Registered
    Event::Endpoint::Reprotected
    Event::Endpoint::SavDisabled
    Event::Endpoint::SavEnabled
    Event::Endpoint::SavScanComplete
    Event::Endpoint::ServiceNotRunning
    Event::Endpoint::ServiceRestored
    Event::Endpoint::Threat::CleanupFailed
    Event::Endpoint::Threat::Detected
    Event::Endpoint::Threat::PuaCleanedUp
    Event::Endpoint::Threat::PuaDetected
    Event::Endpoint::Threat::PuaDismissed
    Event::Endpoint::UpdateFailure
    Event::Endpoint::UpdateRebootRequired
    Event::Endpoint::UpdateRebootUrgentlyRequired
    Event::Endpoint::UpdateSuccess
    Event::Endpoint::UserAutoCreated
    Event::Endpoint::WebControlViolation
    Event::Endpoint::WebFilteringBlocked
    Event::Task::RenewLicense

Children
No Data
Unfiltered HTML