I configured API creds within Sophos to send log data to local SIEM using:
It has stopped working and when running the .py script my results file show data from weeks ago.
I've tried recreating credentials within Central and ran the .py script using sudo but nothing new comes in.
I have it running on an internal instance of Ubutnu.
That api access is a deprecated pathway. We have a new, more robust API. Data can be found here: https://developer.sophos.com/
Program Manager, Support Readiness | CISSP | Sophos Technical SupportSupport Videos | Product Documentation | @SophosSupport | Sign up for SMS AlertsIf a post solves your question use the 'Verify Answer' link.