sophos/Sophos-Central-SIEM-Integration

Simple integration script for 3rd party systems such as SIEMs. Offers command line, file or syslog output in CEF, JSON or key-value pair formats.

Python

Issues

errors when running siem.py script
#88 opened a year ago by dianabogdan
1
When pulling out events for a hostname it changes the characters from _ into -
#92 opened 10 months ago by Yenz24
0
Include audit into downloaded events
#74 opened 3 years ago by backloop-biz
2
Question | Is it possible obtain Hash from EDR using this tool?
#91 opened a year ago by sr-vazkez
0
Remove the facility number on TCP
#81 opened 2 years ago by paminhoff
8
Facility Number
#90 opened a year ago by knumbness
0
Remove the facility number from logs while using syslog
#89 opened a year ago by wildborn
0
Siem event and alert log collect not work
#86 opened 2 years ago by Sue1990
0
time difference between the Log Source Time and the Storage time
#85 opened 2 years ago by Mathangee
0
the script pull the logs to the local server but not send them to my siem collector
#82 opened 2 years ago by ithamar21
2
Insufficient Logging from tool
#83 opened 2 years ago by marinhms
1
No new alerts data retrieved from the API and empty result.txt
#78 opened 3 years ago by Jaquar007
0
2.1.0 siem.py -v still reports as 2.0.1
#75 opened 3 years ago by rave-net
1
Using environment vars in config.ini
#71 opened 3 years ago by KrisMacBP
1
Missing Events
#53 opened 3 years ago by gautaus
6
null_byte appended by syslog logger not supported in all siem
#68 opened 3 years ago by BibekShrestha
0
Latest version: results not in JSON format when using API token method
#52 opened 3 years ago by obpedro
9
Script not respecting state file
#66 opened 3 years ago by ecollins-sophos
1
Cannot convert dhost into CEF format
#18 opened 3 years ago by abunn-r7
3
Category in web filter bypass
#39 opened 3 years ago by davidrudduck
1
Severity Map
#58 opened 3 years ago by cbxsec1
0
syslog export to siem
#47 opened 3 years ago by Ari-R
3
Thousands of duplicate events
#50 opened 3 years ago by apreheim
7
Date and Time 4 hours ahead SOPHOS Central API Log pull
#42 opened 3 years ago by apeximmortal
4
Multi Tenant support
#62 opened 3 years ago by Vetpeet
1
JSON Result File contains empty lines
#37 opened 3 years ago by matthewtckr
3
No JSON object could be decoded
#31 opened 3 years ago by Balackie
8
Error trying to run siem.py
#34 opened 3 years ago by vladimirgluten
2
Different "state_file_name"
#22 opened 3 years ago by AndreaErrani
2
Break out the TYPE field into TYPE and SUBTYPE
#40 opened 3 years ago by davidrudduck
1
REQUEST - Customer Name Field
#14 opened 3 years ago by arnydo
2
Add Tag for Customer
#38 opened 3 years ago by taycom
1
API return just 100 random endpoints
#23 opened 3 years ago by saostad
4
Max 100 Objects returned - is there pagination ?
#25 opened 3 years ago by simonp001
2
syslog export for rapid7
#44 opened 3 years ago by ethernetguru
5
Issue running into RHEAL 7
#55 opened 3 years ago by kaaltech
5
Multiple API configuration in Script
#54 opened 3 years ago by arjamb
1
Sub Estate
#24 opened 4 years ago by xayleth
1
Multi-Tenancy Support
#41 opened 4 years ago by davidrudduck
1
Sophos Partner API Integration
#36 opened 4 years ago by UMB-Linus
2
Support python 3
#35 opened 4 years ago
2
Error running siem.py (invalid syntax)
#48 opened 4 years ago by syunusic
8
Siem.py doesnt forward events to Syslog
#45 opened 4 years ago by WinterIsCommin
1
Problem running siem.py as Windows scheduled task
#32 opened 5 years ago by papapelon
1
No section: 'login'
#16 opened 7 years ago by dannyhanes
7
python siem.py fails wirth "AttributeError: 'NoneType' object has no attribute 'group'"
#20 opened 6 years ago by DavidRHawley
3
JSON object must be str, not 'bytes'
#12 opened 6 years ago by runtman
3
KeyValue formats are not consistant
#17 opened 7 years ago by thepcn3rd
0
Internal Server Error
#15 opened 7 years ago by Mogibear
1
Duplicate alerts are getting logged in "endpoint = all" configuration in config.ini
#10 opened 7 years ago by rakeshajmera
1