Graylog2 · StefanAustin · Jun 18, 2025 · Jun 26, 2025 · Oct 13, 2025 · Oct 13, 2025
diff --git a/Content/Content Packs/SFOS 19.5 Content Pack.htm b/Content/Content Packs/SFOS 19.5 Content Pack.htm
@@ -79,7 +79,9 @@ <h2>Sophos XG/XGS Firewall Message Processing</h2>
             <li>
                 <p>Extraction of fields, normalization, and enrichment of SFOS log messages.</p>
             </li>
-            <li>The message field will be replaced by a shorter message to reduce license utilization. Activate the <code class="linecode">full_message</code> option in the input if needed.</li>
+            <section class="infoBox">
+                <div class="content"><b>Hint:</b> This pack rewrites the message field to reduce license utilization. To get the full message, set <i>Store full message</i> in the input settings to true.</div>
+            </section>
         </ul>
         <ul>
             <li>
@@ -242,4 +244,4 @@ <h2>Sophos XG/XGS Firewall Message Processing</h2>
             </tbody>
         </table>
     </body>
-</html>
+</html>
diff --git a/Content/Content Packs/Sophos Central Content Pack.htm b/Content/Content Packs/Sophos Central Content Pack.htm
@@ -7,11 +7,7 @@
         <MadCap:snippetBlock src="../Resources/Snippets/IlluminateBanner.flsnp" />
         <p>Sophos Central is a cloud-based unified security management platform that delivers centralized administration, threat detection, and policy enforcement across a range of security services encompassing network, endpoint, server, mobile, and email security. This content pack extracts fields from Sophos Central Endpoint Protection telemetry and event messages and normalizes them to align with the Graylog schema.</p>
         <h2>Supported Version(s)</h2>
-        <ul>
-            <li>
-                <p>Sophos Central is a continuously updated managed service that does not feature version numbers. This pack was built and tested for integration with the Sophos Central SIEM Integration v1 API. In addition, parsing is designed around Sophos Central events sourced from Windows endpoints. Events from other OS platforms such as macOS may be supported, but not fully tested.</p>
-            </li>
-        </ul>
+        <p>Sophos Central is a continuously updated managed service that does not feature version numbers. This pack was built and tested for integration with the Sophos Central SIEM Integration v1 API. In addition, parsing is designed around Sophos Central events sourced from Windows endpoints. Events from other OS platforms such as macOS may be supported, but not fully tested.</p>
         <h2>Requirements</h2>
         <ul>
             <li>
@@ -90,6 +86,11 @@ <h3>Configuring a Sophos Central Input</h3>
             </li>
         </ol>
         <p>If the input does not start automatically, select <i>Start Input</i> to begin retrieving and processing messages from the configured Sophos Central server.</p>
+        <p>
+            <section class="infoBox">
+                <div class="content"><b>Hint:</b> This pack rewrites the message field to reduce license utilization. To get the full message, set <i>Store full message</i> in the input settings to true.</div>
+            </section>
+        </p>
         <h2>Log Format Example</h2>
         <MadCap:codeSnippet>
             <MadCap:codeSnippetCopyButton />