All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Is there a way to pull the Sophos Audit Logs as well?

Sparky1
Explorer
‎09-13-2018 08:50 AM

If i go to Logs & Reports, in the sophos central console, under the General Logs heading there are 2 options, Events and Audit Logs. Based on the information that is polled from the Splunk Add-on only the Event Logs are polled, is there a way to receive the Audit Logs as well?

Reply

mon123
Engager
‎09-13-2023 08:12 AM

@Sparky1 were you able to find out the solution to ingest Sophos audit logs ?

0 Karma
Reply

osakachan
Communicator
‎09-14-2018 02:23 AM

Hello,

Ingesting machine data from Sophos Central you will have 2 kinds of logs with 2 differents customer_id (it is only same alphanumeric but rearranged). One of them gives you extended information about one of the events with the other customer_id.

This is using this https://github.com/sophos/Sophos-Central-SIEM-Integration

0 Karma
Reply

mstjohn_splunk
Splunk Employee
Splunk Employee
‎09-13-2018 09:13 AM

hi @sparky1,

Thanks for posting.

Could you give us some more context for your query? You have a much better chance of getting your question answered if you provide more information about your issue. Plus, it will help guide future community users who are facing a similar problem.

0 Karma
Reply
Get Updates on the Splunk Community!

Shape the Future of Splunk: Join the Product Research Lab!

Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get ...

Auto-Injector for Everything Else: Making OpenTelemetry Truly Universal

You might have seen Splunk’s recent announcement about donating the OpenTelemetry Injector to the ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...