sophos / Sophos-Central-SIEM-Integration

Simple integration script for 3rd party systems such as SIEMs. Offers command line, file or syslog output in CEF, JSON or key-value pair formats.

Include audit into downloaded events #74

Open backloop-biz opened 2 years ago

backloop-biz commented 2 years ago

Hello, is it possible to also include audit information? For example, the login (succeeded or failed) of users on Sophos Central?

sistemasad commented 1 year ago

+1 The audit log is an important trace to be retained for more than 90 days. It would be very useful to get it exported as well. Thank you.

ciyaresh commented 8 months ago

+1

Getting the audit logs into the SIEM is crucial as we can track user activity that could be potentially dangerous, such as making changes to the threat protection policies, making changes to system settings and so on.