drop sophos xg traffic log export · parse fw rule + app control + web filter · runs locally
drop sophos xg traffic log export · local only
heuristic screener · vendor schema varies · not definitive proof