The typical Central administrator using Live Discover is often just looking to run a pre-canned query and get results as quickly and easily as possible, so we've made some changes in Central to simplify Live Discover for those admins. When you open Live Discover now, you start in the standard mode, where you can easily pick out and run your query. If you just want to get right to business, you will no longer see the SQL code behind the query or the buttons for editing and saving queries.

Admins who want to get their hands a little dirtier and plan to create their own queries or modify existing ones can turn on our new Designer Mode, which gives access to those features.

As I often like to remind you, if you are looking to run Data Lake queries, you must turn on the uploading of data to the Data Lake. In your Sophos Central console select ‘Global Settings’, then under Endpoint or Server Protection (or both) select the ‘Data Lake uploads’ setting and turn on the ‘Upload to the Data Lake’ toggle. Once enabled, we will perform scheduled hydration queries on your devices, which capture interesting threat hunting related data and send it to the Data Lake. From the settings page you can also exclude specific devices from sending data to the Sophos Data Lake if you wish.

Stay tuned: over the coming weeks and months you will continue to see improvements and enhancements to our Live Discover functionality.
