Reflexion will be End-of-life on March 31,2023. See Sophos Reflexion EoL FAQs to learn more.
The script siem.py is very useful to retrieve alerts and actions on Sophos Central, but it is unable to collect data from XDR.
Is it possible to "empower" it to read XDR data? SIEM would have a complete visibility on activities done on the infrastructure and the security team would have a complete view to track malicious activities.