forked from sophos/Sophos-Central-SIEM-Integration
executable file
·38 lines (29 loc) · 1.01 KB
config.ini
# Settings for the Sophos Central SIEM integration; every key lives in [login].
# This file holds API credentials (token_info, client_id, client_secret):
# keep it readable only by the account that runs the integration, do not
# commit a filled-in copy to version control, and note it needs no execute bit.
[login]
# API Access URL + Headers
# API token setup steps: https://community.sophos.com/kb/en-us/125169
# The value below is a placeholder; replace it with the block copied from
# Sophos Central. Treat the pasted block as a secret.
token_info = <Copy API Access URL + Headers block from Sophos Central here>
# Client ID and Client Secret for Partners, Organizations and Tenants
# <Copy Client ID and Client Secret from Sophos Central here>
# Both are left empty here. client_secret is a credential; rotate it in
# Sophos Central if this file is ever exposed.
# NOTE(review): precedence between token_info and client_id/client_secret is
# not visible in this file - confirm against the consuming script.
client_id =
client_secret =
# Customer tenant ID
tenant_id =
# Host URL for the OAuth token request (HTTPS)
auth_url = https://id.sophos.com/api/v2/oauth2/token
# whoami API host (host name only, no scheme)
api_host = api.central.sophos.com
# Output format; can be json, cef or keyvalue
format = json
# Output destination; can be syslog, stdout, or any custom filename
# A custom filename receives the fetched events/alerts as written by the
# integration - presumably security telemetry, so restrict access to it.
filename = result.txt
# Which data to fetch; can be event, alert or all
endpoint = event
# syslog properties (presumably only used when filename = syslog - confirm)
# for a remote address use <remoteServerIp>:<port>, e.g. 192.1.2.3:514
# for Linux local systems use /dev/log
# for macOS use /var/run/syslog (the value set below)
# Syslog over UDP is unencrypted, unauthenticated and may drop messages
# silently; when address is a remote server, send it only over a trusted
# network segment or a protected tunnel.
address = /var/run/syslog
facility = daemon
socktype = udp
# cache file full or relative path (with a ".json" extension)
# A relative path is presumably resolved against the working directory of the
# process - confirm; keep the directory writable only by the service account.
state_file_path = state/siem_sophos.json