Hi
We have generated a Splunk API key to integrate with Alerts being sent to Splunk, and when we do so, the alerts in the Dashboard seem to stop. Is this normal? Do I need to amend the script to stop this from happening?
Thanks, Anish
Hi Anish,
Thanks for posting your question. No, this should not happen. The alerts and events in the Sophos Central Dashboard will continue to appear there regardless of whether you have created an API key or are using the SIEM API script. Would you be able to give me more details or an example? I believe there will be a different explanation for this behaviour.
Thanks
Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' link.
Technical Account Manager | Sophos Technical Support
Hi,
As I don't have access to the Sophos platform, I'm waiting for the customer to confirm some tests. As soon as I get this, I'll update this post.
Thanks, Anish