We're pleased to announce that the XDR & EDR Data Lake Early Access Program is now publicly available to our Intercept X Endpoint and Server customers.
For customers who join and enroll devices into these endpoint and/or server early access programs, the endpoint/server version installed on enrolled devices will run scheduled threat-hunting queries managed by Sophos (similar to those run by the Sophos Managed Threat Response team). The query results will be stored in the new Sophos Data Lake, which is queryable via APIs and also via our Live Discover functionality in Sophos Central. The Sophos Data Lake will include XG Firewall data if Central Firewall reporting is enabled. This new functionality means that customers will be able to threat hunt using this offline data regardless of the actual state of the device. Admins will have the ability to:
To get started now, check out this blog post.
Customers interested in the topics below will be great candidates for this early access program:
Over the coming months we plan to introduce some exciting new functionality into Central to allow customers to:
Check out this blog post, which tells you everything you need to know about joining the EAP, and please visit our XDR EAP community here, where you'll find all related blog posts, a query and file repository, and a discussion forum where you can ask your EAP-related questions.