QRadar logs to Elasticsearch

We have a couple of Sophos FWs sending logs to QRadar SIEM, which we plan to extend to Elastic for threat hunting (log forwarding from QRadar to Elastic). In Integrations I chose Sophos, but the logs don't parse correctly. The problem is the syslog header added by the QRadar forwarder, which is not the original header.

Can anybody help me solve this problem?
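The failure described above is a double syslog header: the forwarder wraps the firewall's original event in its own `<PRI>timestamp host` prefix, so an integration that expects the raw Sophos key=value message sees a header it does not recognise. The following is an added example, not code from the post or from Elastic or IBM, that strips exactly one outer header and then parses what remains. It assumes the forwarder-added header is either RFC 3164 style (`<PRI>Mmm dd HH:MM:SS host`) or RFC 5424 style (`<PRI>1 TIMESTAMP HOST APP PROCID MSGID SD`), and that the inner Sophos SFOS event is key=value text beginning with `device="SFW"`; the sample lines are constructed for the example, not captured from a real forwarder.

```python
import json
import re
from typing import Dict, Optional, Tuple

# Assumed forwarder-added RFC 3164 header: <PRI>Mmm dd HH:MM:SS hostname
RFC3164_HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
)
# Assumed forwarder-added RFC 5424 header: <PRI>1 TIMESTAMP HOST APP PROCID MSGID SD
RFC5424_HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>1 (?P<ts>\S+) (?P<host>\S+) \S+ \S+ \S+ (?:-|\[.*?\]) "
)
# Sophos SFOS events are key=value tokens; values may be quoted or bare
KV_TOKEN = re.compile(r'(\w+)=("([^"]*)"|(\S+))')

# Constructed sample input: a forwarder header wrapped around a Sophos event
SAMPLE_LINES = [
    '<134>Jan  5 10:15:22 qradar-fwd device="SFW" date=2024-01-05 time=10:15:20 '
    'timezone="UTC" device_name="SFW-EDGE-1" log_type="Firewall" '
    'log_subtype="Allowed" src_ip=10.0.0.5 dst_ip=192.0.2.10 dst_port=443',
    # same kind of event behind an RFC 5424 outer header
    '<134>1 2024-01-05T10:15:22Z qradar-fwd - - - - device="SFW" date=2024-01-05 '
    'time=10:15:20 timezone="UTC" log_type="Firewall" log_subtype="Denied" '
    'src_ip=10.0.0.7 dst_ip=198.51.100.4 dst_port=22',
    # a forwarded line from some other source, to show it is left alone
    '<13>Jan  5 10:15:23 qradar-fwd some other appliance text',
]


def strip_outer_header(line: str) -> Tuple[Optional[Dict[str, str]], str]:
    """Remove one leading syslog header if present.

    Returns (header fields or None, remaining message). Only the outermost
    header is removed so the original event is handed on untouched.
    """
    for pattern in (RFC5424_HEADER, RFC3164_HEADER):
        match = pattern.match(line)
        if match:
            return match.groupdict(), line[match.end():]
    return None, line


def parse_sophos_kv(message: str) -> Dict[str, str]:
    """Parse key=value / key="quoted value" tokens into a dict."""
    fields: Dict[str, str] = {}
    for match in KV_TOKEN.finditer(message):
        key, _, quoted, bare = match.groups()
        fields[key] = quoted if quoted is not None else bare
    return fields


def parse_forwarded_line(line: str) -> Dict[str, object]:
    """Strip the forwarder header, then parse the inner Sophos event."""
    header, inner = strip_outer_header(line)
    fields = parse_sophos_kv(inner)
    return {
        "forwarder": header,            # who wrapped the event, or None
        "is_sophos": fields.get("device") == "SFW",
        "event": fields,                # the original firewall fields
    }


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(json.dumps(parse_forwarded_line(line), indent=2))
```

In an Elastic deployment the same step belongs in an ingest pipeline placed in front of the integration's own pipeline (a grok or dissect processor that captures the outer header into its own fields and overwrites `message` with the inner event), so the Sophos integration receives the message in the form it was written for; a processor that drops the header outright loses the forwarder's hostname and timestamp, which are still useful for tracing which collector a suspicious event came through.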
