Hi,
I'm looking to bring in the following endpoint log information from Sophos Cloud to Splunk. What is the best way to do this:
Process Creation events such as:
- Child Command Line
- Child Process
- Child Process Hash
- Host
- Parent Command Line
- Parent Process Hash
- User
Process Network events such as:
- Dest IP
- Process Hash
- Source IP
- Dest Port
- Process Command Line
- Process
- User
- Host
File Touch Events such as:
- File Name
- Process Hash
- Host
- File Path
- Process
- User
Registry Events such as:
- User
- Process Hash
- Registry Path
- Host
- Process
- Registry Key
- Command Line
Thanks
G
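Added example, not part of the original post and not Sophos or Splunk code: whatever transport ends up carrying these events into Splunk, the fields listed above still have to land on names the Splunk Common Information Model (Endpoint and Network_Traffic data models) expects, or the data-model searches and correlation on process_hash will not work. The script below takes the four event categories from the post, maps each listed field onto its CIM name, rejects records that are missing a listed field instead of indexing them half-populated, and wraps the result in HTTP Event Collector envelopes. The upstream (left-hand) field names such as "child_cmdline" are an assumption made for the example, and the sample events and hashes are constructed.

```python
"""Normalise endpoint telemetry into Splunk CIM fields wrapped in HEC envelopes.

Added example, not Sophos or Splunk code. The upstream (left-hand) field names
are an assumption made for this example; the right-hand names follow the
Splunk Common Information Model (Endpoint and Network_Traffic data models).
"""
import json
import time

# category -> (sourcetype, {assumed upstream field: CIM field})
# 'host' is handled separately: it is the HEC envelope host and CIM 'dest'.
FIELD_MAPS = {
    "process_creation": ("endpoint:process", {
        "child_cmdline": "process", "child_process": "process_name",
        "child_hash": "process_hash", "parent_cmdline": "parent_process",
        "parent_hash": "parent_process_hash", "user": "user"}),
    "process_network": ("endpoint:network", {
        "src_ip": "src_ip", "dest_ip": "dest_ip", "dest_port": "dest_port",
        "process_cmdline": "process", "process": "process_name",
        "process_hash": "process_hash", "user": "user"}),
    "file_touch": ("endpoint:filesystem", {
        "file_name": "file_name", "file_path": "file_path",
        "process": "process_name", "process_hash": "process_hash",
        "user": "user"}),
    "registry": ("endpoint:registry", {
        "registry_path": "registry_path", "registry_key": "registry_key_name",
        "cmdline": "process", "process": "process_name",
        "process_hash": "process_hash", "user": "user"}),
}
HASH_FIELDS = {"process_hash", "parent_process_hash"}


def normalise(raw):
    """Map one raw event onto CIM names; return a HEC-ready dict or None.

    Every field the post lists for a category is required. An event missing
    one is rejected outright: a half-populated record silently breaks
    data-model searches (e.g. joins on process_hash) later, and a rejection
    count is easy to alert on.
    """
    spec = FIELD_MAPS.get(raw.get("type"))
    if spec is None or "host" not in raw:
        return None
    sourcetype, fields = spec
    body = {"dest": raw["host"]}
    for src, cim in fields.items():
        if src not in raw:
            return None
        value = raw[src]
        if cim in HASH_FIELDS:
            value = str(value).lower()      # one case for hash lookups
        elif cim == "dest_port":
            value = int(value)              # numeric so range searches work
        body[cim] = value
    return {
        "time": float(raw.get("ts", time.time())),
        "host": raw["host"],
        "sourcetype": sourcetype,
        "event": body,
    }


def to_hec_batch(raw_events):
    """Serialise accepted events for POST to /services/collector/event.

    HEC accepts several JSON objects concatenated in one request body; a
    newline between them keeps the payload readable. Returns (payload, rejected).
    """
    accepted, rejected = [], 0
    for raw in raw_events:
        hec = normalise(raw)
        if hec is None:
            rejected += 1
        else:
            accepted.append(json.dumps(hec, sort_keys=True))
    return "\n".join(accepted), rejected


# Constructed sample events (one per category plus one incomplete record).
_HASH = "DEADBEEF" * 8                      # placeholder 64-hex SHA-256, constructed
SAMPLE_EVENTS = [
    {"type": "process_creation", "ts": 1700000000, "host": "WS-042",
     "user": "CORP\\alice", "child_cmdline": "powershell.exe -nop -w hidden -enc SQBFAFgA",
     "child_process": "powershell.exe", "child_hash": _HASH,
     "parent_cmdline": "C:\\Windows\\explorer.exe", "parent_hash": _HASH},
    {"type": "process_network", "ts": 1700000005, "host": "WS-042",
     "user": "CORP\\alice", "src_ip": "10.0.5.23", "dest_ip": "203.0.113.7",
     "dest_port": "4444", "process_cmdline": "powershell.exe -nop -w hidden -enc SQBFAFgA",
     "process": "powershell.exe", "process_hash": _HASH},
    {"type": "file_touch", "ts": 1700000006, "host": "WS-042", "user": "CORP\\alice",
     "file_name": "stage2.dll", "file_path": "C:\\Users\\alice\\AppData\\Local\\Temp\\stage2.dll",
     "process": "powershell.exe", "process_hash": _HASH},
    {"type": "registry", "ts": 1700000007, "host": "WS-042", "user": "CORP\\alice",
     "registry_path": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater",
     "registry_key": "Run",
     "cmdline": "reg.exe add HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run /v Updater /d stage2.dll",
     "process": "reg.exe", "process_hash": _HASH},
    # Missing both hashes: must be rejected, not indexed with gaps.
    {"type": "process_creation", "ts": 1700000010, "host": "WS-043", "user": "CORP\\bob",
     "child_cmdline": "notepad.exe", "child_process": "notepad.exe",
     "parent_cmdline": "explorer.exe"},
]

if __name__ == "__main__":
    payload, rejected = to_hec_batch(SAMPLE_EVENTS)
    print(payload)
    print(f"rejected: {rejected}")
```

The payload string is what you would POST to the collector with the `Authorization: Splunk <token>` header; the rejected count is worth sending to its own metric or index so a change in the upstream export format shows up as a spike rather than as silently missing fields.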