Closed jungleboogie75 closed 2 months ago
Hi @jungleboogie75, I added sophos_xg_firewall,index,netfw to splunk_metadata.csv and it worked.
For enhancement/bug fix issues, please open a new GitHub issue and refer to this one; for support, please open a Splunk support ticket.
What is the sc4s version?
3.22.2
Describe the bug
All of the data for Sophos is sent to the netdlp index rather than being routed to more logical destinations. My customer only had a few sourcetypes from Sophos, but these are the overrides I used:

sophos_xg_content_filtering,index,netproxy
sophos_xg_event,index,netauth
sophos_xg_firewall,index,netfw
sophos_xg_waf,index,netwaf