Sophos UTM: Decommissioning of obsolete URL categorization services CFFS. Click here for important info.
The script siem.py is very useful to retrieve alerts and actions on Sophos Central, but it is unable to collect data from XDR.
Is it possible to "empower" it to read XDR data? SIEM would have a complete visibility on activities done on the infrastructure and the security team would have a complete view to track malicious activities.
Currently, it’s not possible to replicate all the data stored in the Data Lake onto a SIEM or local environment, it's only possible to query the data. I suggest reaching out to your account manager to inquire if there’s anything present on the product roadmap that may fulfil your needs.
