SIEM integration API

The script siem.py is very useful to retrieve alerts and actions on Sophos Central, but it is unable to collect data from XDR.

Is it possible to "empower" it to read XDR data? SIEM would have a complete visibility on activities done on the infrastructure and the security team would have a complete view to track malicious activities.

Top Replies

Qoosh over 1 year ago in reply to Luca Comellini +1 suggested

Currently, it’s not possible to replicate all the data stored in the Data Lake onto a SIEM or local environment, it's only possible to query the data. I suggest reaching out to your account manager to…

Parents

0 RichardP over 1 year ago

To access that sort of data, we have another API documented here: https://developer.sophos.com/

RichardP

Program Manager, Support Readiness | CISSP | Sophos Technical Support
Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' link.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Reject Answer

Cancel
0 Luca Comellini over 1 year ago in reply to RichardP

Hi. Thank you for your answer.

I perfectly know how Sophos API works, but SIEM Integration API does not collect XDR data.

I would like to ask a feature enhancement to let this integration collect XDR data as well.

regards
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 Luca Comellini over 1 year ago in reply to RichardP

Hi. Thank you for your answer.

I perfectly know how Sophos API works, but SIEM Integration API does not collect XDR data.

I would like to ask a feature enhancement to let this integration collect XDR data as well.

regards
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

0 Qoosh over 1 year ago in reply to Luca Comellini

Currently, it’s not possible to replicate all the data stored in the Data Lake onto a SIEM or local environment, it's only possible to query the data. I suggest reaching out to your account manager to inquire if there’s anything present on the product roadmap that may fulfil your needs.

Kushal Lakhan

Team Lead, Global Community Support
Connect with Sophos Support, get alerted, and be informed.
If a post solves your question, please use the "Verify Answer" button.

The New Home of Sophos Support Videos! - Visit Sophos Techvids
Cancel
Vote Up +1 Vote Down

Sign in to reply

Verify Answer

Reject Answer

Cancel