elastic / beats

:tropical_fish: Beats - Lightweight shippers for Elasticsearch & Logstash
https://www.elastic.co/products/beats

Sophos XG improvements #29002

Closed leehinman closed 2 years ago

leehinman commented 2 years ago
elasticmachine commented 2 years ago

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

bitnapper commented 2 years ago

See #28932

legoguy1000 commented 2 years ago

See elastic/integrations#2158 and elastic/integrations#2163 for the agent integration.

andrewkroh commented 2 years ago

Relates:

andrewkroh commented 2 years ago

We have log samples in both https://github.com/elastic/beats/pull/31038 and https://github.com/elastic/integrations/pull/2163. I think the updated pipeline should handle both the old and new log format to have broader Sophos XG version compatibility.

There are fixes in both https://github.com/elastic/integrations/pull/2163 and https://github.com/elastic/beats/pull/28932. I think we should finish the elastic/integrations PR and then sync the whole pipeline back into the Filebeat module.

piellick commented 2 years ago

Hello guys,

In the meanwhile, I have found this doc, which provides sample logs per log type for the 18.5.X version: https://docs.sophos.com/nsg/sophos-firewall/18.5/PDF/SF%20syslog%20guide%2018.5.pdf Could be very helpful for you.