Open LukyLuke opened 2 years ago
Are there any questions on this, or can I do something to get this to your attention? If this change is not welcome, please say so; then I will do the possible changes elsewhere or in a much smaller script.
Thanks, @LukyLuke, we will look at pulling some of these changes in.
We have more than 130 tenants in our Sophos Central and need all of them in our ELK SIEM.
Therefore I have to collect all events and alerts from all tenants and not only from one specific one. Running this script once for each tenant is too config-intensive and too resource-hungry.
Changes:
- In case the `client_id` is a partner, all tenants are fetched and processed
- If a `tenant_id` is given, only that tenant is fetched
- In case of TCP syslog, a `\n` is appended so that each message is on its own line and not all on one
- Don't append `\0` to syslog messages (was needed for some old syslog servers)
- Fixed a typo in `add_siem_logeer_handler` to `add_siem_logger_handler`
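The tenant-selection and TCP-framing rules described in the pull request above, as an added example in Python. This is not the project's code and not the PR author's code: it does not call the Sophos Central API, the identity and tenant records are constructed sample data, and their key names (`idType`, `id`) are assumptions. It also shows the rejection cases the description leaves implicit (a `tenant_id` that the partner does not manage, or one that conflicts with a plain tenant credential) and what a TCP receiver sees once records are newline-terminated without a trailing NUL.

```python
"""Tenant selection and TCP syslog framing (added example, not the project's code)."""
from typing import Iterable, List, Optional

# Constructed sample data: shapes and key names are assumptions, not the
# real API responses of Sophos Central.
PARTNER_IDENTITY = {"id": "partner-0001", "idType": "partner"}
TENANT_IDENTITY = {"id": "tenant-aaaa", "idType": "tenant"}
PARTNER_TENANTS = [
    {"id": "tenant-aaaa", "name": "Customer A"},
    {"id": "tenant-bbbb", "name": "Customer B"},
    {"id": "tenant-cccc", "name": "Customer C"},
]


def select_tenants(identity: dict, partner_tenants: List[dict],
                   tenant_id: Optional[str] = None) -> List[str]:
    """Return the tenant ids to collect events and alerts from.

    partner credential, no tenant_id   -> every tenant the partner manages
    partner credential, tenant_id set  -> only that tenant, which must be
                                          one the partner manages
    tenant credential                  -> only itself; a conflicting
                                          tenant_id is an error, not ignored
    """
    if identity["idType"] == "partner":
        managed = [t["id"] for t in partner_tenants]
        if tenant_id is None:
            return managed
        if tenant_id not in managed:
            raise ValueError(f"tenant {tenant_id} is not managed by this partner")
        return [tenant_id]
    # A tenant credential can only see its own tenant.
    if tenant_id is not None and tenant_id != identity["id"]:
        raise ValueError("tenant_id does not match the credential's own tenant")
    return [identity["id"]]


def frame_for_tcp(message: str) -> bytes:
    """One record per line on a TCP stream: newline-terminated, no NUL.

    Embedded newlines would split a record in two at the receiver, so they
    are replaced by a space before the terminator is appended.
    """
    body = message.rstrip("\r\n").replace("\n", " ")
    return body.encode("utf-8") + b"\n"


def frame_for_udp(message: str) -> bytes:
    """UDP carries one message per datagram, so no terminator is needed."""
    return message.rstrip("\r\n").encode("utf-8")


def send_over_tcp(sock, messages: Iterable[str]) -> int:
    """Write each message as its own newline-terminated record.

    sock only needs a sendall() method, so a real socket or a test double
    both work. Returns the number of records written.
    """
    sent = 0
    for m in messages:
        sock.sendall(frame_for_tcp(m))
        sent += 1
    return sent


def split_tcp_stream(data: bytes) -> List[str]:
    """What a TCP syslog receiver sees: split the stream on the terminator.

    The last element of the split is either '' (stream ended on a
    terminator) or a partial, not yet terminated record; both are dropped.
    """
    return [r.decode("utf-8") for r in data.split(b"\n")[:-1]]


if __name__ == "__main__":
    print(select_tenants(PARTNER_IDENTITY, PARTNER_TENANTS))
    print(select_tenants(PARTNER_IDENTITY, PARTNER_TENANTS, "tenant-bbbb"))
    print(select_tenants(TENANT_IDENTITY, []))
    stream = b"".join(frame_for_tcp(m) for m in ["event one", "event two\n"])
    print(stream, split_tcp_stream(stream))
```

Without the `\n` terminator the two records in the final example would arrive at the receiver as a single line; with the old `\0` appended, each line would end in a NUL that most modern collectors keep as part of the message.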
We are running a partner portal where some customers manage the tenant themselves and for others we do it; it would be awesome if we could get the possibility to add a list of tenant IDs to fetch in one go.