"Is it possible to develop Sophos add-on by adding a python package so that it can connect to Sophos API, like Splunk AWS add-on?"
On this server the customer is running Splunk, through which they connect to various vendor software, in our case Sophos Central, to interrogate the data.
Python version 2.7.5 is what is running on the server.
This runs some scripts to connect to the Central API to fetch logs from Central gateway & store on the Linux server.
This is then used to create reports.
Customer has other applications that run on this server:
AWS, Forcepoint, Imperva
These applications download a newer version of Python 2.7.9+ that allows their integration script to run.
Following our KB, we do not supply the same thing, just the script.
Customer environment does not allow them to upgrade to 2.7.9+ from their current version.
Article ID: 125169
Title: Sophos Central APIs: How to send alert and event data to your SIEM
URL: https://sophos.com/kb/125169
The error they get is:
PFB logs:
04-16-2019 13:17:28.065 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/SophosAddOnForSplunk/bin/sophocentralalerts.py" ERRORHTTPSConnectionPool(host='api3.central.sophos.com', port=443): Max retries exceeded with url: /gateway/siem/v1/alerts/?limit=1000&from_date=1555416748 (Caused by ProxyError('Cannot connect to proxy.', error('Tunnel connection failed: 403 Forbidden',)))
Customer would like a feature request so that a supported version of Python is supplied with the script, as the other applications do.
"Is it possible to develop Sophos add-on by adding a python package through it can connect to Sophos Gateway, like Splunk AWS add-on?"
Can Sophos develop the script to include a version of Python that would be supported with their script, like Python 2.7.9+, as per the KB above?
Documentation too.
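A triage helper for the ExecProcessor line quoted above, as an added example that is not part of the original post or of the Sophos script: it parses the requests/urllib3 error text and reports whether the request failed at the proxy CONNECT step or in the TLS handshake. The function name `triage`, the stage labels and the second sample line are assumptions made for this example.

```python
import re

# Log line as quoted in the post above.
POSTED_LINE = (
    '04-16-2019 13:17:28.065 +0100 ERROR ExecProcessor - message from '
    '"python /opt/splunk/etc/apps/SophosAddOnForSplunk/bin/sophocentralalerts.py" '
    "ERRORHTTPSConnectionPool(host='api3.central.sophos.com', port=443): "
    "Max retries exceeded with url: "
    "/gateway/siem/v1/alerts/?limit=1000&from_date=1555416748 "
    "(Caused by ProxyError('Cannot connect to proxy.', "
    "error('Tunnel connection failed: 403 Forbidden',)))"
)
# Constructed sample (not from the post): a TLS handshake failure for contrast.
CONSTRUCTED_TLS_LINE = (
    'ERROR ExecProcessor - message from "python /opt/example/bin/example.py" '
    "ERRORHTTPSConnectionPool(host='api.example.invalid', port=443): "
    "Max retries exceeded with url: /v1/alerts (Caused by SSLError("
    "SSLError(1, u'[SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] handshake failure'),))"
)

POOL_RE = re.compile(r"HTTPSConnectionPool\(host='(?P<host>[^']+)', port=(?P<port>\d+)\)")
CAUSE_RE = re.compile(r"\(Caused by (?P<exc>\w+)\(")
TUNNEL_RE = re.compile(r"Tunnel connection failed: (?P<code>\d{3}) ")

def triage(line):
    """Report at which stage the HTTPS request in an ExecProcessor line failed."""
    pool = POOL_RE.search(line)
    if pool is None:
        return None  # not a requests/urllib3 connection-pool error
    cause = CAUSE_RE.search(line)
    tunnel = TUNNEL_RE.search(line)
    result = {
        "host": pool.group("host"),
        "port": int(pool.group("port")),
        "cause": cause.group("exc") if cause else None,
        "proxy_status": int(tunnel.group("code")) if tunnel else None,
    }
    if tunnel:
        # The proxy itself answered the CONNECT request with this status;
        # no TLS handshake with the destination host was attempted.
        result["stage"] = "proxy_connect"
    elif result["cause"] == "SSLError":
        result["stage"] = "tls_handshake"
    elif result["cause"] == "ProxyError":
        result["stage"] = "proxy_unreachable"
    else:
        result["stage"] = "other"
    return result
```

A `proxy_connect` result with status 403 points at the proxy's access policy for the destination host and port, while 407 would indicate that the proxy wants credentials.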

2 comments
-
Elisa commented
The process of making the integration script run properly may seem a rather complicated procedure for some, and in fact it is. The problem can probably be solved faster and easier when programmers work in a collaborative manner. Visit https://assignmentcore.com and choose another programmer to work with and to make Python integration script run.
-
Tejas Bavarva commented
Amendment to post above.
These applications download a newer version of Python 2.7.9+ that allows their integration script to run.
Should read as:
Modification: AWS, Forcepoint and Imperva do not download but they use boto python (version compatible with their respective add-on) which comes up in their add-on (pre-installation package).