List of possible log Events for SIEM integration

Same boat here.  Looking to parse into LogRhythm.

I have created a parser to work with LogRhythm.  I am using the Sophos Tool to pull the logs in CEF format and saving to a flat-file.  I am catching 100% of the logs currently.

Brent, has the parsing/MPE rule you've written for LogRhythm been functioning well since your last post?  I'm currently in a position where we want to start collecting our Sophos Central events, as well.  Would you be willing to share the regex you're using?  Or maybe export your MPE rule and share?

Brent, has the parsing/MPE rule you've written for LogRhythm been functioning well since your last post?  I'm currently in a position where we want to start collecting our Sophos Central events, as well.  Would you be willing to share the regex you're using?  Or maybe export your MPE rule and share?

You might be better off jumping on the LogRhythm forums. https://community.logrhythm.com  Also make sure you put in a request to have them add it.  The more demand there is the faster it will get done.

I have it going, but I at this point I really don't trust the logs we are getting.  Also it seems the logs are not constant.  

Found your thread in the LR community.  Thanks. 

Has anyone else noticed the API logs are changing?  Also it seems that some might be incomplete.