This app is archived.
You are required to download the Sophos Central script from Sophos's GitHub repository for this add-on to work: https://github.com/sophos/Sophos-Central-SIEM-Integration

Note: We do not own the rights to, nor are we a maintainer of, this GitHub repository. The script runs outside of Splunk and is NOT included in this add-on. It is the only script that Sophos will provide support for if you have issues. Other add-ons or scripts are not guaranteed to deliver all of your data!

The purpose of this add-on is to add value to your Sophos Central Event Reports logs, using the official script supported by Sophos. This is done by making the logs CIM compliant, adding tagging for Enterprise Security data models, and providing other knowledge objects that make searching and visualizing this data easy.

* Built for Splunk Enterprise 6.x.x or higher
* CIM compliant (CIM 4.0.0 or higher)
* Ready for Enterprise Security
* Built based on the official Sophos Central SIEM integration script (v1.1.0), but appears to support the v2.0.1 script as well.
  * https://community.sophos.com/kb/en-us/125169
  * https://github.com/sophos/Sophos-Central-SIEM-Integration
    * Supports all three output formats (CEF, JSON, and Keyvalue)
    * Supports file and syslog output methods