I'm currently working with a lesser-known SIEM solution which currently doesn't have a parser for the default Sophos Log Writer output.
I've noted the Log Writer .config files provide a method for customising field labels in the log output, and I'm looking to determine whether these can be modified to produce a CEF-compliant log format.
Has anyone else tackled this challenge, or does anyone know if there are other supported tags - particularly whether fixed attributes can be set to produce necessary values (CEF:0|DeviceVendor...etc)?
Thanks in advance... J
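As an added illustration of what a CEF-compliant line has to look like (this is not the poster's code, not Sophos code, and says nothing about what the Log Writer .config files can or cannot express), the following Python builds a CEF line from a dictionary of fields with the escaping rules the format requires, and parses such a line back so the result can be checked before a SIEM ever sees it. The event fields, the product name "Log Writer", the version "0.0" and the signature id "100" are constructed sample values, not anything taken from a real Sophos log.

```python
"""Build and parse ArcSight CEF lines.

Added example: not Sophos code and not derived from the Log Writer
configuration files. All sample values below are constructed.

CEF layout:  CEF:Version|Vendor|Product|Version|SignatureID|Name|Severity|Extension
Header rule: escape '\\' and '|' with a backslash.
Extension:   key=value pairs separated by spaces; escape '\\' and '=',
             encode newlines as literal \\n / \\r so the event stays on one line.
"""
import re

CEF_VERSION = 0

# Constructed sample event, loosely shaped like an endpoint detection record.
SAMPLE_EVENT = {
    "rt": "Jan 01 2024 12:00:00",
    "suser": "ACME\\jdoe",
    "fname": "C:\\Users\\jdoe\\eicar.txt",
    "msg": "Detection on drive C: (action=quarantine)",
    "act": "quarantine",
}


def _escape_header(value):
    # Header fields: backslash first, then pipe.
    return str(value).replace("\\", "\\\\").replace("|", "\\|")


def _escape_extension(value):
    # Extension values: backslash, equals sign, then CR/LF as two-character escapes.
    return (str(value).replace("\\", "\\\\").replace("=", "\\=")
            .replace("\r", "\\r").replace("\n", "\\n"))


def build_cef(vendor, product, version, signature_id, name, severity, extension):
    """Return one CEF line; severity must be an integer in 0..10."""
    if not 0 <= int(severity) <= 10:
        raise ValueError("CEF severity must be 0-10")
    header = "|".join(_escape_header(v) for v in
                      (vendor, product, version, signature_id, name, severity))
    ext = " ".join(f"{k}={_escape_extension(v)}" for k, v in extension.items())
    return f"CEF:{CEF_VERSION}|{header}|{ext}"


def _split_header(text, nfields):
    """Split on unescaped '|' nfields times, unescaping the pieces.

    Returns (pieces, rest); rest is left raw because the extension uses
    its own escaping rules and is parsed separately."""
    pieces, cur, i = [], [], 0
    while i < len(text) and len(pieces) < nfields:
        c = text[i]
        if c == "\\" and i + 1 < len(text):
            cur.append(text[i + 1]); i += 2
        elif c == "|":
            pieces.append("".join(cur)); cur = []; i += 1
        else:
            cur.append(c); i += 1
    return pieces, text[i:]


# A key starts at the beginning of the extension or after whitespace and is
# followed by an unescaped '='; an escaped '\=' inside a value never matches
# because the backslash is not part of the key character class.
_EXT_KEY = re.compile(r"(?:^|\s)([A-Za-z0-9_]+)=")


def _unescape_extension(value):
    return re.sub(r"\\(.)",
                  lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)),
                  value)


def parse_cef(line):
    """Parse a CEF line into a dict; raises ValueError if the header is malformed."""
    pieces, rest = _split_header(line, 7)
    if len(pieces) != 7 or not pieces[0].startswith("CEF:"):
        raise ValueError("not a CEF line")
    keys = ["cef_version", "device_vendor", "device_product", "device_version",
            "signature_id", "name", "severity"]
    event = dict(zip(keys, pieces))
    event["cef_version"] = pieces[0][4:]
    ext = {}
    matches = list(_EXT_KEY.finditer(rest))
    for idx, m in enumerate(matches):
        end = matches[idx + 1].start() if idx + 1 < len(matches) else len(rest)
        ext[m.group(1)] = _unescape_extension(rest[m.end():end].rstrip())
    event["extension"] = ext
    return event


def sample_line():
    """Build the constructed sample event as a CEF line."""
    return build_cef("Sophos", "Log Writer", "0.0", "100", "Threat detected", 8, SAMPLE_EVENT)


if __name__ == "__main__":
    line = sample_line()
    print(line)
    print(parse_cef(line))
```

The round trip (build, then parse and compare) is the useful check here: if a value containing a backslash, an equals sign or a pipe does not come back unchanged, the escaping is wrong and a CEF parser downstream will either reject the event or silently shift fields. Whatever mechanism ends up producing the lines, feeding a handful of them through a parser like this before pointing the SIEM at them is a cheap way to catch that.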