Added support in siem.py to communicate with legacy-siem service

sophos / Sophos-Central-SIEM-Integration

Simple integration script for 3rd party systems such as SIEMs. Offers command line, file or syslog output in CEF, JSON or key-value pair formats.

121 stars 70 forks source link

Add the client id, client secret, tenant id, auth_url, api_host, state_file_path key in config.ini
Update the siem.py to also work with API credentials.
Fetch the event and alert data by calling the Apigee endpoint if API credentials details exist in config.ini.
Partner and enterprise user add tenant id in configuration to fetch tenant alert and event
If API credentials do not exist in config.ini then customer alert/event data fetched with the existing flow (By using a token)
After updating the seim.py, Validated it with python3 version (its only support in python3.5 and higher version)

sophos / Sophos-Central-SIEM-Integration