Currently, the following three event log types are not supported in the ingestor app (TA):
Authentication events to the SFOS device
SFOS system state logs
Email Anti-Spam events
Sophos App For Splunk provides 7 dashboards and several visualizations to give users insight into the data collected from the Sophos XG Firewall platform. The table below lists the visualization source types used in each dashboard.
…
Sophos XG Firewall Add-on For Splunk maps the data it collects to the Network Traffic CIM data model of Splunk. See the table below for a complete reference list.
Source type
CIM Data Model
Event Field
Data Model Field…
Support for this application while in Early Access will be provided via the Feedback forum associated with this Wiki. Please use an existing post if your issue has already been reported, or create a new post for each new issue you wish to report.