The API Token Summary for this token is displayed. To create a new token, click Add token in the top-right corner of the screen.In the Sophos Central Admin program, select Global Settings > API Token Management.
The script extracts the logs from Sophos Central and then send them to USM Appliance using Syslog. Running the script from a Linux machine has the added benefit of supporting syslog out-of-the-box.This machine is separate from USM Appliance.Place the script on a Windows or Linux machine running Python 2.7.9 or later. From the Sophos website, select the Clone or Download option to download the zip file containing all components of the Sophos Central SIEM Integration script.To configure Sophos Central to send syslog messages (alert and event data) to USM Appliance Before you configure the Sophos Central integration, you must have the IP Address of the USM Appliance Sensor. The following procedure describes how to create an API token, modify the config.ini file to include token data, and launch the script to import data into your SIEM solution, in this case, USM Appliance. A Sophos Central SIEM Integration script is used to accomplish this. The primary goal for these APIs is to allow integration with Security Information and Event Management (SIEM) solutions, including USM Appliance. Sophos Central has secure APIs available that allow the retrieval of event and alert data from Sophos Central for use in other systems. The table below provides some basic information for the plugin: Plugin Information Device When you configure Sophos Central to send log data to USM Appliance, you can use the sophos-central plugin to translate raw log data into normalized events for analysis.
0 kommentar(er)
