I have the Sophos XG forwarding logs to Splunk. How do i search for users who logged into Sophos XG in Splunk.
Hello @ticbos
if you are receiving audit logs of Sophos, then you can easily search it.
There are several apps for Sophos in Splunkbase. Have you tried any of them?