We have a couple of Sophos FWs sending logs to QRadar SIEM, which we plan to extend to Elastic for threat hunting (log forwarding from QRadar to Elastic). In Integrations I chose Sophos, but the logs don't parse correctly. The problem is the syslog header added by the QRadar forwarder, which is not the original header.
Can anybody help me solve this problem?
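The failure described above is a relay problem: the parser expects the Sophos message to start right after a single syslog header, but the forwarder has wrapped (or replaced) that header with its own. The snippet below is an added example, not code from the poster, from QRadar or from the Elastic Sophos integration. It strips however many syslog headers precede the payload, keeps the outermost hostname as the relay and the innermost as the origin, and then parses the remaining Sophos key=value pairs. The header layout (RFC 3164 `<PRI>Mon dd hh:mm:ss host` or RFC 5424 `<PRI>1 timestamp host`), the sample log lines, and the use of a `device_name` field as a fallback origin when only the forwarder's header survives are all assumptions made for the example, since the post does not show the actual bytes QRadar emits.

```python
import re
from typing import Dict, List, Tuple

# Added example; header and payload layouts are assumptions, not observed QRadar output.
# One syslog header: <PRI>, optional RFC 5424 VERSION, a timestamp, a hostname, the rest.
SYSLOG_HDR = re.compile(
    r"^<(?P<pri>\d{1,3})>"                                  # <PRI>
    r"(?:\d\s)?"                                            # optional RFC 5424 VERSION
    r"(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2}"    # RFC 3164 timestamp, or
    r"|\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d+)?(?:Z|[+-]\d{2}:\d{2}))\s"
    r"(?P<host>\S+)\s"                                      # HOSTNAME
    r"(?P<rest>.*)$",
    re.DOTALL,
)

# key=value or key="quoted value" pairs, as Sophos firewall syslog payloads are assumed to look.
KV = re.compile(r'(?P<key>[A-Za-z_][\w.]*)=(?P<val>"(?:[^"\\]|\\.)*"|\S+)')

# Constructed sample lines. First: the forwarder prepended its own header in front of the
# original one. Second: the forwarder replaced the original header entirely.
SAMPLE_WRAPPED = (
    '<134>Mar 10 12:00:01 qradar-ec01 <30>Mar 10 12:00:00 sfw-hq '
    'device="SFW" date=2024-03-10 time=12:00:00 timezone="UTC" device_name="XG330" '
    'log_type="Firewall" log_subtype="Denied" src_ip=10.0.0.5 dst_ip=8.8.8.8 dst_port=53 fw_rule_id=12'
)
SAMPLE_REPLACED = (
    '<134>Mar 10 12:00:01 qradar-ec01 '
    'device="SFW" date=2024-03-10 time=12:00:00 timezone="UTC" device_name="XG330" '
    'log_type="Firewall" log_subtype="Allowed" src_ip=10.0.0.7 dst_ip=10.0.1.20 dst_port=443 fw_rule_id=3'
)


def strip_relay_headers(line: str) -> Tuple[List[dict], str]:
    """Peel nested syslog headers, outermost (relay-added) first; return them and the payload."""
    headers: List[dict] = []
    rest = line.strip()
    while True:
        m = SYSLOG_HDR.match(rest)
        if not m:
            break
        headers.append({"pri": int(m["pri"]), "ts": m["ts"], "host": m["host"]})
        rest = m["rest"].lstrip()
    return headers, rest


def parse_sophos_kv(payload: str) -> Dict[str, str]:
    """Parse space-separated key=value pairs, unquoting and unescaping quoted values."""
    fields: Dict[str, str] = {}
    for m in KV.finditer(payload):
        val = m["val"]
        if val.startswith('"') and val.endswith('"'):
            val = val[1:-1].replace('\\"', '"')
        fields[m["key"]] = val
    return fields


def normalize(line: str) -> dict:
    """Return the parsed event plus relay/origin attribution recovered from the header stack."""
    headers, payload = strip_relay_headers(line)
    event = parse_sophos_kv(payload)
    result = {"event": event, "payload": payload}
    if headers:
        result["relay_host"] = headers[0]["host"]
        result["origin_pri"] = headers[-1]["pri"]
        if len(headers) > 1:
            # The innermost header is the one the firewall wrote.
            result["origin_host"] = headers[-1]["host"]
        else:
            # Only the forwarder's header survived: fall back to a device field in the payload
            # (assumed name), otherwise the relay is all we know.
            result["origin_host"] = event.get("device_name", headers[0]["host"])
    return result


if __name__ == "__main__":
    for sample in (SAMPLE_WRAPPED, SAMPLE_REPLACED):
        r = normalize(sample)
        print(r["relay_host"], "->", r["origin_host"], r["event"]["log_subtype"], r["event"]["dst_ip"])
```

The point of the two-step shape is that the outer header is metadata about the relay, not about the event: record it separately, then hand the inner payload to whatever parser expects a plain Sophos line. In an Elastic ingest pipeline the same split maps onto a grok step that captures the relay header into its own fields and a kv step over the remainder, placed before the integration's own processing.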