[Sophos] Update Sophos pipelines for new fields

[legoguy1000]

What does this PR do?

Updates Sophos pipelines to support new fields.

Checklist

• I have reviewed tips for building integrations and this pull request is aligned with them.
• I have verified that all data streams collect metrics or logs.
• I have added an entry to my package's changelog.yml file.
• If I'm introducing a new feature, I have modified the Kibana version constraint in my package's manifest.yml file to point to the latest Elastic stack release (e.g. ^7.13.0).

Author's Checklist

• [ ]

How to test this PR locally

cd integrations/packages/sophos
elastic-package build && elastic-package stack down && elastic-package stack up --version 7.16.0-SNAPSHOT -d -v && eval "$(elastic-package stack shellinit)" && elastic-package test -v

Related issues

• Closes [sophos] XG - sent_bytes bug #2158

Screenshots

[elasticmachine]

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS

Expand to view the summary

Build stats

• Start Time: 2022-04-18T22:16:32.332+0000

• Duration: 17 min 43 sec

Test stats 🧪

Test	Results
Failed	0
Passed	17
Skipped	0
Total	17

🤖 GitHub comments

To re-run your PR in the CI, just comment with:

• /test : Re-trigger the build.

[elasticmachine]

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

[P1llus]

/test

[jamiehynds]

Hey @legoguy1000 - can you advise on the current state of this PR? Do you need anything from us to move towards merging?

[legoguy1000]

Hey @legoguy1000 - can you advise on the current state of this PR? Do you need anything from us to move towards merging?

I think the big thing was the question/conversation above regarding a couple of fields.

[legoguy1000]

Also i know this was also brought up in the Beats repo so we can also wait for that to be updated and then just copy the changes?? the parallel effort was also wonky as wanted to keep the changes consistent.

[andrewkroh]

I was just commenting about have parallel changes in elastic/beats#29002 (comment).

[legoguy1000]

Ok, I will rebase and get this updated.

[andrewkroh]

/test

[andrewkroh]

That link you referenced (https://docs.sophos.com/nsg/sophos-firewall/17.5/Help/en-us/webhelp/onlinehelp/nsg/sfos/concepts/LogFields.html) would be great to have in the documentation somewhere.

[legoguy1000]

@andrewkroh pushed changes

[andrewkroh]

/test

It has been ~6 months and the pipelien has been updated since.

[andrewkroh]

/test

[legoguy1000]

some weird glitch with the pipeline. I tried to rebuild README and there are no changes so idk.

[andrewkroh]

some weird glitch with the pipeline. I tried to rebuild README and there are no changes so idk.

You might have an old version of elastic-package. Try running go install github.com/elastic/elastic-package from the main branch of elastic/integrations to install the version specified in the go.mod file.