SIEM

  • 1.  Sophos XG - Parsing

    Posted Mar 17, 2020 06:06 AM
    Hi,

    We have developed a new parser for Sophos XG, with the blades below:

    Firewall Log
    SSL VPN
    GUI
    IPSec
    WebProxy
    Anti-Spam
    Anti-Virus
    DHCP

    You have to add the events (admin -> device support -> Event). To do this, run analytics and look for all events that are not in EventTypes.

    The parser is in the attachment.


    Attachment(s)

    xml
    sophosXG.xml   11K 1 version