I found an article describing the events schema here https://community.sophos.com/kb/en-us/132726
The schema documented there appears to be different from the schema I get from the endpoint GET /siem/v1/events:
{
  "appSha256": null,
  "appCerts": null,
  "when": "2019-08-07T14:31:27.000Z",
  "core_remedy_items": null,
  "id": "XXXXX-XXXX-XXXX-XXXX-XXXXXXXXXX",
  "created_at": "2019-08-07T14:38:59.894Z",
  "source_info": {
    "ip": "0.0.0.0"
  },
  "customer_id": "XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
  "severity": "low",
  "threat": null,
  "endpoint_id": "XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXX",
  "endpoint_type": "computer",
  "user_id": "XXXXXXXXXXXXXXXXXXXX",
  "origin": null,
  "source": "John Smith",
  "name": "'https://connect.facebook.net' blocked due to category 'Personals and Dating'",
  "location": "XXXXXX",
  "type": "Event::Endpoint::WebControlViolation",
  "group": "WEB"
}
Some fields are present on both models, but some are not. Is there another events endpoint that returns the schema listed in the KB article?
Thanks
Taylor
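The practical problem behind the question above is schema drift: a SIEM pipeline written against the KB's field list breaks, or silently drops data, when the live GET /siem/v1/events response carries a different set of keys. The following is an added example, not Sophos code and not from the original post. It assumes only the field names visible in the response quoted above; the sets of required and optional fields, the pipeline helper names, and the sample event are constructed for illustration (the KB's own field list is not reproduced here), and an integrator would replace them with the fields their own ingestion actually relies on. The point it demonstrates is to fail loudly on missing required fields, tolerate nulls, and surface unexpected keys instead of discarding them.

```python
"""Schema-drift-tolerant normalisation of Sophos Central SIEM events.

Added example (hypothetical pipeline code), not Sophos' own code.
"""
from datetime import datetime, timezone

# Fields this hypothetical pipeline cannot work without (constructed set).
REQUIRED_FIELDS = {"id", "when", "type", "severity", "name",
                   "endpoint_id", "customer_id"}

# Fields seen in the quoted response that may legitimately be absent or null.
OPTIONAL_FIELDS = {"created_at", "source_info", "threat", "endpoint_type",
                   "user_id", "origin", "source", "location", "group",
                   "appSha256", "appCerts", "core_remedy_items"}

# Ordering used for alert routing; unknown severity strings rank as -1.
SEVERITY_RANK = {"none": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}


class SchemaDrift(ValueError):
    """Raised when an event lacks a field the pipeline depends on."""


def parse_ts(value):
    """Parse the ISO-8601 UTC timestamps used in the response ('...Z')."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ").replace(
        tzinfo=timezone.utc)


def normalize_event(event):
    """Map one raw event dict onto the pipeline's internal record.

    Missing required keys raise SchemaDrift; keys the pipeline has never
    seen are reported in 'unknown_fields' so drift is visible in the SIEM
    rather than swallowed. Null-able sub-objects are handled defensively.
    """
    missing = REQUIRED_FIELDS - event.keys()
    if missing:
        raise SchemaDrift(f"missing required fields: {sorted(missing)}")

    unknown = event.keys() - REQUIRED_FIELDS - OPTIONAL_FIELDS
    source_info = event.get("source_info") or {}   # may be null entirely
    occurred = parse_ts(event["when"])

    # Delay between the event occurring and the API record being created;
    # useful for tuning polling intervals. None if created_at is absent.
    delay = None
    if event.get("created_at"):
        delay = (parse_ts(event["created_at"]) - occurred).total_seconds()

    # "Event::Endpoint::WebControlViolation" -> family "Endpoint"
    type_parts = event["type"].split("::")
    family = type_parts[1] if len(type_parts) > 1 else None

    return {
        "id": event["id"],
        "occurred_at": occurred,
        "ingest_delay_s": delay,
        "type": event["type"],
        "event_family": family,
        "severity": event["severity"],
        "severity_rank": SEVERITY_RANK.get(event["severity"], -1),
        "summary": event["name"],
        "endpoint_id": event["endpoint_id"],
        "customer_id": event["customer_id"],
        "source_ip": source_info.get("ip"),
        "user": event.get("source"),
        "group": event.get("group"),
        "unknown_fields": sorted(unknown),
    }


# Constructed sample, shaped like the response quoted in the post.
SAMPLE_EVENT = {
    "appSha256": None, "appCerts": None,
    "when": "2019-08-07T14:31:27.000Z",
    "core_remedy_items": None,
    "id": "XXXXX-XXXX-XXXX-XXXX-XXXXXXXXXX",
    "created_at": "2019-08-07T14:38:59.894Z",
    "source_info": {"ip": "0.0.0.0"},
    "customer_id": "XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
    "severity": "low", "threat": None,
    "endpoint_id": "XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXX",
    "endpoint_type": "computer",
    "user_id": "XXXXXXXXXXXXXXXXXXXX",
    "origin": None, "source": "John Smith",
    "name": "'https://connect.facebook.net' blocked due to category "
            "'Personals and Dating'",
    "location": "XXXXXX",
    "type": "Event::Endpoint::WebControlViolation",
    "group": "WEB",
}

if __name__ == "__main__":
    print(normalize_event(SAMPLE_EVENT))
```

Running this against the sample prints a record with severity rank 1, source IP 0.0.0.0, an ingest delay of roughly 453 seconds and an empty unknown-field list; feed it an event with an extra key and that key shows up in `unknown_fields`, while an event without `id` raises `SchemaDrift` instead of producing a half-populated record.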