This add-on was designed to parse fields from Sophos XG firewall logs into CIM-compliant fields for the Network_Traffic, Intrusion_Detection, and Web data models.
Onboard data as sourcetype=sophos:xg:syslog.
Data will be sub-sourcetyped into various sourcetypes such as sophos:xg:Firewall, sophos:xg:ContentFiltering, sophos:xg:IDP, etc.