1+ [
2+ {
3+ "name" : " SophosEndpointProtectionCCPAlertsPolling"
4+ "apiVersion" : " 2022-12-01-preview"
5+ "type" : " Microsoft.SecurityInsights/dataConnectors"
6+ "location" : " {{location}}"
7+ "kind" : " RestApiPoller"
8+ "properties" : {
9+ "connectorDefinitionName" : " SophosEndpointProtectionCCPDefinition"
10+ "dataType" : " SophosEPAlerts_CL"
11+ "dcrConfig" : {
12+ "dataCollectionEndpoint" : " {{dataCollectionEndpoint}}"
13+ "dataCollectionRuleImmutableId" : " {{dataCollectionRuleImmutableId}}"
14+ "streamName" : " Custom-SophosEPAlerts_CL"
15+ },
16+ "auth" : {
17+ "type" : " OAuth2"
18+ "ClientSecret" : " {{clientSecret}}"
19+ "ClientId" : " {{clientId}}"
20+ "TokenEndpoint" : " https://id.sophos.com/api/v2/oauth2/token"
21+ "tokenEndpointHeaders" : {
22+ "Accept" : " application/json"
23+ "Content-Type" : " application/x-www-form-urlencoded"
24+ },
25+ "TokenEndpointQueryParameters" : {},
26+ "scope" : " token"
27+ "grantType" : " client_credentials"
28+ },
29+ "request" : {
30+ "apiEndpoint" : " https://api-{{sophosRegion}}.central.sophos.com/siem/v1/alerts"
31+ "rateLimitQPS" : 10 ,
32+ "queryWindowInMin" : 5 ,
33+ "httpMethod" : " GET"
34+ "retryCount" : 3 ,
35+ "timeoutInSeconds" : 60 ,
36+ "queryTimeFormat" : " UnixTimestamp"
37+ "startTimeAttributeName" : " from_date"
38+ "headers" : {
39+ "Accept" : " application/json"
40+ "X-Tenant-ID" : " {{sophosTenantId}}"
41+ }
42+ },
43+ "paging" : {
44+ "pagingType" : " NextPageToken"
45+ "nextPageTokenJsonPath" : " $.next_cursor"
46+ "hasNextFlagJsonPath" : " $.has_more"
47+ "nextPageParaName" : " cursor"
48+ },
49+ "response" : {
50+ "eventsJsonPaths" : [
51+ " $.items"
52+ ]
53+ }
54+ }
55+ },
56+ {
57+ "name" : " SophosEndpointProtectionCCPEventsPolling"
58+ "apiVersion" : " 2022-12-01-preview"
59+ "type" : " Microsoft.SecurityInsights/dataConnectors"
60+ "location" : " {{location}}"
61+ "kind" : " RestApiPoller"
62+ "properties" : {
63+ "connectorDefinitionName" : " SophosEndpointProtectionCCPDefinition"
64+ "dataType" : " SophosEPEvents_CL"
65+ "dcrConfig" : {
66+ "dataCollectionEndpoint" : " {{dataCollectionEndpoint}}"
67+ "dataCollectionRuleImmutableId" : " {{dataCollectionRuleImmutableId}}"
68+ "streamName" : " Custom-SophosEPEvents_CL"
69+ },
70+ "auth" : {
71+ "type" : " OAuth2"
72+ "ClientSecret" : " {{clientSecret}}"
73+ "ClientId" : " {{clientId}}"
74+ "TokenEndpoint" : " https://id.sophos.com/api/v2/oauth2/token"
75+ "tokenEndpointHeaders" : {
76+ "Accept" : " application/json"
77+ "Content-Type" : " application/x-www-form-urlencoded"
78+ },
79+ "TokenEndpointQueryParameters" : {},
80+ "scope" : " token"
81+ "grantType" : " client_credentials"
82+ },
83+ "request" : {
84+ "apiEndpoint" : " https://api-{{sophosRegion}}.central.sophos.com/siem/v1/events"
85+ "rateLimitQPS" : 10 ,
86+ "queryWindowInMin" : 5 ,
87+ "httpMethod" : " GET"
88+ "retryCount" : 3 ,
89+ "timeoutInSeconds" : 60 ,
90+ "queryTimeFormat" : " UnixTimestamp"
91+ "startTimeAttributeName" : " from_date"
92+ "headers" : {
93+ "Accept" : " application/json"
94+ "X-Tenant-ID" : " {{sophosTenantId}}"
95+ }
96+ },
97+ "paging" : {
98+ "pagingType" : " NextPageToken"
99+ "nextPageTokenJsonPath" : " $.next_cursor"
100+ "hasNextFlagJsonPath" : " $.has_more"
101+ "nextPageParaName" : " cursor"
102+ },
103+ "response" : {
104+ "eventsJsonPaths" : [
105+ " $.items"
106+ ]
107+ }
108+ }
109+ }
110+ ]
0 commit comments