Anyone using the SIEM Integration API Events endpoint? We have a process that is searching for the events. Two days ago it stopped returning any events. In troubleshooting, I am finding that if I use the exclude_types parameter then I don't get any events at all. If I don't use it, I do get events.
The process/code has been working for a few years, so I am not sure if something changed or maybe something is broken on the Sophos side?
Hello, GregBeck,
We appreciate your reaching out to the Sophos Community Forum.
At this time, there’s no official announcement or documented incident regarding issues with the exclude_types parameter in the Sophos SIEM Integration API.
Please ensure you’re using the pre-built SIEM Integration API provided by Sophos, not a custom-built or unofficial integration.
Please open a Technical support case with detailed logs and examples of your API requests and responses with screenshots. This will allow our technical team to investigate your situation directly and provide targeted assistance. Also, please share the case ID here so we can monitor.
Please refer to these articles for reference: