sophos / Sophos-Central-SIEM-Integration

Simple integration script for 3rd party systems such as SIEMs. Offers command line, file or syslog output in CEF, JSON or key-value pair formats.

Multitenant capability and Syslog #73

Open LukyLuke opened 2 years ago

LukyLuke commented 2 years ago

We have more than 130 tenants in our Sophos Central and need all of them in our ELK-SIEM.

Therefore I have to collect all Events and Alerts from all Tenants and not only from one specific. To run this script for each tenant is too config-intensive and too resource-hungry.

Changes:

  • In case the client_id is a partner, all tenants are fetched and processed
  • If a tenant_id is given, only that tenant is fetched
  • In case of TCP-Syslog, a \n is appended to have each message on one line and not all on one
  • Don't append \0 to syslog messages (was needed for some old syslog servers)
  • fixed a typo in add_siem_logeer_handler to add_siem_logger_handler

LukyLuke commented 2 years ago

Are there any questions on this, or can I do something to get this to your attention? If this change is not welcome, please say so, then I will do possible changes elsewhere or in a much smaller script.

ramksophos commented 2 years ago

Thanks, @LukyLuke, we will look at pulling some of these changes in.

PMX-Martijn commented 4 months ago

> We have more than 130 tenants in our Sophos Central and need all of them in our ELK-SIEM.
>
> Therefore I have to collect all Events and Alerts from all Tenants and not only from one specific. To run this script for each tenant is too config-intensive and too resource-hungry.
>
> Changes:
>
>   • In case the client_id is a partner, all tenants are fetched and processed
>   • If a tenant_id is given, only that tenant is fetched
>   • In case of TCP-Syslog, a \n is appended to have each message on one line and not all on one
>   • Don't append \0 to syslog messages (was needed for some old syslog servers)
>   • fixed a typo in add_siem_logeer_handler to add_siem_logger_handler

We are running a partner portal where some customers manage the tenant themselves and for others we do it. It would be awesome if we could get a possibility to add a list of tenant-ids to fetch in one go.
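The tenant-selection and TCP syslog framing rules from the change list above, as an added example that is not code from the sophos/Sophos-Central-SIEM-Integration script or from the PR. The whoami and tenant dictionaries are constructed samples; only the `idType` and `id` fields used here are assumed, not the full Sophos Central API response.

```python
"""Multi-tenant selection and syslog framing, modelled on the PR's change list."""
from typing import Iterable, List, Optional, Tuple


def select_tenants(whoami: dict, partner_tenants: Iterable[dict],
                   tenant_id: Optional[str] = None) -> List[str]:
    """Return the tenant ids to collect events and alerts from.

    partner credentials: every managed tenant, or only tenant_id when given
    tenant credentials:  the authenticated tenant itself
    """
    if whoami["idType"] == "partner":
        ids = [t["id"] for t in partner_tenants]
        if tenant_id is not None:
            if tenant_id not in ids:
                raise ValueError(f"tenant {tenant_id} is not managed by this partner")
            return [tenant_id]
        return ids
    # Plain tenant credentials: never silently collect from a different tenant.
    if tenant_id is not None and tenant_id != whoami["id"]:
        raise ValueError("tenant_id does not match the authenticated tenant")
    return [whoami["id"]]


def frame_message(message: str, transport: str) -> bytes:
    """Encode one event for syslog. TCP is a byte stream, so each message is
    terminated with '\\n' (one event per line on the receiver); UDP datagrams
    already delimit messages. No trailing NUL is appended for either transport."""
    if transport == "tcp":
        return (message + "\n").encode("utf-8")
    return message.encode("utf-8")


def split_stream(buffer: bytes, chunk: bytes) -> Tuple[List[str], bytes]:
    """Receiver side: append a TCP chunk to the pending buffer and return the
    complete newline-terminated messages plus the unterminated remainder,
    so a message split across two reads is reassembled instead of dropped."""
    buffer += chunk
    *complete, rest = buffer.split(b"\n")
    return [m.decode("utf-8") for m in complete], rest


if __name__ == "__main__":
    # Constructed sample: a partner account managing two tenants.
    partner = {"id": "PARTNER-EXAMPLE", "idType": "partner"}
    tenants = [{"id": "TENANT-A"}, {"id": "TENANT-B"}]
    print(select_tenants(partner, tenants))              # both tenants
    print(select_tenants(partner, tenants, "TENANT-B"))  # only TENANT-B
    wire = frame_message('{"type":"Event","tenant":"TENANT-A"}', "tcp")
    print(split_stream(b"", wire))                       # one complete message, b''
```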