We're trying to retrieve all Sophos Central alerts going back 12 months using the Sophos API but we're only able to see alerts from the previous 24 hours. Are we able to do this?
Thanks in advance
Yes, Central's data retention is 90 days for GDPR.
Which api? The SIEM one? Or the one documented here: https://developer.sophos.com/
Snr. New Product Introduction Engineer | CISSP | Sophos Technical SupportSupport Videos | Product Documentation | @SophosSupport | Sign up for SMS AlertsIf a post solves your question use the 'Verify Answer' link.
Unfortunately, it looks like Sophos Central only stored event data for the past 90 days. That will be as far back as you can go.
GitHub - sophos-cybersecurity/sophos-central-api-connector: Gather alerts and endpoint data from your Sophos Central tenants