We are working on implementing API call integration to extract alerts and then process them with tfsnow (ServiceNow).

In the article below, for the alert categories, do you have more information available on each category?



Alert categories.

The following values are allowed:
azure, adSync, applicationControl, appReputation, blockListed, connectivity, cwg, denc, downloadReputation, endpointFirewall, fenc, forensicSnapshot, general, iaas, iaasAzure, isolation, malware, mtr, mobiles, policy, protection, pua, runtimeDetections, security, smc, systemHealth, uav, uncategorized, updating, utm, virt, wireless, xgEmail
  • Thank you Qoosh. I had also logged a support ticket with Sophos on this and a support engineer provided this link: Sophos Central Admin: Event types and descriptions for Sophos Central API 

    This article is useful as it provides a description of the event type alerts extracted from the Sophos Central API. This falls under the same path as what I am looking for, but it gets very granular to each event type alert within the Alert category. Do you know if there is information available that puts the Event types into their Alert Category? Just trying to determine which is best to create the automation for tfsnow (ServiceNow) to detect: either an Alert Category or specific Event Types.
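One way to build the routing decision this thread is asking about is to key the ServiceNow automation on the alert category first and fall back to the event type string only when the category is too coarse to act on. The block below is an added example, not code from the thread, from Sophos or from ServiceNow. The allowed category list is the one quoted above; the alert records, the queue names, the category-to-queue table and the event-type prefix table are all constructed assumptions for illustration, and the alert field names (`id`, `category`, `type`, `severity`) are assumed to match the shape of Sophos Central API alert records.

```python
"""Route alerts to ServiceNow assignment groups by category, with an
event-type fallback. Added example; the routing tables, queue names and
sample alerts are constructed assumptions, not Sophos or ServiceNow data."""
from collections import Counter

# Allowed alert categories as listed in the thread (Sophos Central API docs).
ALLOWED_CATEGORIES = frozenset({
    "azure", "adSync", "applicationControl", "appReputation", "blockListed",
    "connectivity", "cwg", "denc", "downloadReputation", "endpointFirewall",
    "fenc", "forensicSnapshot", "general", "iaas", "iaasAzure", "isolation",
    "malware", "mtr", "mobiles", "policy", "protection", "pua",
    "runtimeDetections", "security", "smc", "systemHealth", "uav",
    "uncategorized", "updating", "utm", "virt", "wireless", "xgEmail",
})

# Hypothetical routing table: alert category -> ServiceNow assignment group.
CATEGORY_QUEUE = {
    "malware": "SOC-Triage",
    "runtimeDetections": "SOC-Triage",
    "mtr": "SOC-Triage",
    "pua": "Endpoint-Ops",
    "updating": "Endpoint-Ops",
    "systemHealth": "Endpoint-Ops",
    "policy": "Endpoint-Ops",
}

# Hypothetical fallback keyed on the event type string prefix, consulted only
# when the category has no routing rule (e.g. "general" or "uncategorized").
TYPE_PREFIX_QUEUE = {
    "Event::Endpoint::Threat::": "SOC-Triage",
    "Event::Endpoint::Update": "Endpoint-Ops",
}

DEFAULT_QUEUE = "Review-Queue"  # anything unmatched lands here for a human look


def route_alert(alert: dict) -> dict:
    """Decide the assignment group for one alert record."""
    category = alert.get("category")
    event_type = alert.get("type") or ""
    # A category outside the documented list is treated as uncategorized rather
    # than trusted, so malformed input cannot steer an alert into a quiet queue.
    if category not in ALLOWED_CATEGORIES:
        category = "uncategorized"
    queue = CATEGORY_QUEUE.get(category)
    if queue is None:
        for prefix, fallback_queue in TYPE_PREFIX_QUEUE.items():
            if event_type.startswith(prefix):
                queue = fallback_queue
                break
    if queue is None:
        queue = DEFAULT_QUEUE
    return {
        "id": alert.get("id"),
        "category": category,
        "type": event_type,
        "severity": alert.get("severity", "unknown"),
        "queue": queue,
    }


def dedupe(alerts):
    """Keep the first record per alert id, so re-polling the API does not open
    a second ServiceNow ticket for the same alert."""
    seen, unique = set(), []
    for alert in alerts:
        if alert.get("id") in seen:
            continue
        seen.add(alert.get("id"))
        unique.append(alert)
    return unique


def route_alerts(alerts):
    return [route_alert(a) for a in alerts]


def queue_counts(routed):
    """Per-queue ticket counts, useful as a sanity check before bulk-creating tickets."""
    return dict(Counter(r["queue"] for r in routed))


# Constructed sample alerts; ids, types and severities are made up for the example.
SAMPLE_ALERTS = [
    {"id": "a1", "category": "malware", "type": "Event::Endpoint::Threat::Detected", "severity": "high"},
    {"id": "a2", "category": "general", "type": "Event::Endpoint::Threat::CleanedUp", "severity": "medium"},
    {"id": "a3", "category": "updating", "type": "Event::Endpoint::UpdateFailure", "severity": "low"},
    {"id": "a4", "category": "bogus", "type": "Event::Endpoint::Other", "severity": "low"},
    {"id": "a5", "category": "uncategorized", "type": None, "severity": "low"},
    {"id": "a1", "category": "malware", "type": "Event::Endpoint::Threat::Detected", "severity": "high"},
]

if __name__ == "__main__":
    for r in route_alerts(dedupe(SAMPLE_ALERTS)):
        print(r)
    print(queue_counts(route_alerts(dedupe(SAMPLE_ALERTS))))
```

The category check is deliberately a whitelist against the documented values: a record whose category is missing or unexpected is demoted to `uncategorized` and, unless its event type matches a fallback rule, ends up in the review queue rather than being silently dropped or mis-routed. Deduplicating on the alert id before ticket creation is the other check worth keeping whichever key you settle on.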

