I've got a deep link to Messages (sophos.com), but I would like to get my hands on the current (18.5) version so I can find the messages that our firewalls are logging right now and parse them for our SIEM.
And while I'm asking this, it would be so much better if, for example:
17507 | Admin sign-in sign-out |
17813 | Interface up/interface down |
17814 | Gateway alive/gateway dead |
17935 | Mapped server <server_ipaddress> is up/mapped server <server_ipaddress> is down |
are not captured in the same event ID anymore, since a login is completely different than a logout event, which should contribute to completely different use cases / triggers in SIEM applications. And a server up is completely different from a server down also.
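One way a SIEM parser can split these shared IDs into separate events, as an added example that is not part of the original post and not Sophos code. It assumes key=value log lines with `message_id` and `message` fields; the keyword patterns and the sample lines are constructed from the descriptions quoted above, not taken from real firewall output.

```python
import re

# Shared message IDs from the post -> (object, ordered (pattern, action) rules).
# Patterns are assumptions based on the descriptions quoted in the post;
# tune them against the message text your firewalls actually emit.
SPLIT_RULES = {
    "17507": ("admin", [(r"sign(ed)?[- ]?out|log(ged)?[- ]?out", "sign_out"),
                        (r"sign(ed)?[- ]?in|log(ged)?[- ]?in", "sign_in")]),
    "17813": ("interface", [(r"\bdown\b", "down"), (r"\bup\b", "up")]),
    "17814": ("gateway", [(r"\bdead\b", "dead"), (r"\balive\b", "alive")]),
    "17935": ("mapped_server", [(r"\bis down\b", "down"), (r"\bis up\b", "up")]),
}

# key=value or key="quoted value" (assumed log layout)
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_kv(line):
    """Return the key=value pairs of one log line as a dict."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in KV.finditer(line)}

def normalize(line):
    """Map a log line to a distinct event name, or None if the ID is not split."""
    fields = parse_kv(line)
    rule = SPLIT_RULES.get(fields.get("message_id"))
    if rule is None:
        return None
    obj, patterns = rule
    message = fields.get("message", "")
    for pattern, action in patterns:
        if re.search(pattern, message, re.IGNORECASE):
            return f"{obj}.{action}"
    # Never guess a state: surface unmatched text so the rule can be fixed.
    return f"{obj}.unknown"

# Constructed sample lines, not real firewall output.
SAMPLES = [
    'message_id=17507 message="Admin admin logged in"',
    'message_id="17507" message="Admin admin logged out"',
    'message_id=17813 message="Interface Port2 is down"',
    'message_id=17814 message="Gateway GW1 is alive"',
    'message_id=17935 message="Mapped server 192.0.2.10 is up"',
    'message_id=17814 message="Gateway GW1 state changed"',
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(normalize(line), "<-", line)
```

Alert on the `.unknown` results as well, so that a message wording the patterns do not cover shows up as a parser gap instead of silently dropping a state change.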