sophos/Sophos-Central-SIEM-Integration

Add Tag for Customer

taycom opened this issue 5 years ago · 1 comments

taycom commented 5 years ago

Is possible add tag for add name of customer in CEF(or another) format in the first of the line?
This is actually message;
<30>Access was blocked to "www.veterinariotraumatologo.com" because of "Mal∕HTMLGen-A".|CEF:0|Sophos|sophos central|1.0|Event::Endpoint::WebFilteringBlocked|Access was blocked to "www.vetesadfdsao.com" because of "Mal∕HTMLGen-A".|1|sour
And my petition is:
CUSTOMER_NAME<30>Access was blocked to "www.veterinariotraumatologo.com" because of "Mal∕HTMLGen-A".|CEF:0|Sophos|sophos central|1.0|Event::Endpoint::WebFilteringBlocked|Access was blocked to "www.vetesadfdsao.com" because of "Mal∕HTMLGen-A".|1|sour
Thanks

ramksophos commented 3 years ago

We don't plan to fix this for the foreseeable future. However, you a workaround available, in that, you can enumerate your customers using the Partner API or the Organization API operation to enumerate tenants, then post-process the output of this tool to add the customer name.