As part of the regular maintenance of the XDR Live Discover extension from Sophos we review the use of extension tables provided.
In that review we see that only 5 customer created queries have leveraged the Public_IP extension table for live discover and for performance reasons we will be removing that extension table.
DEPRECATED OCTOBER 21, 2021:
SUPPORT Will be REMOVED in January 2022
Public IP information for a device will remain available in the data lake XDR_DATA Table
SELECT DISTINCT meta_hostname ep_name, meta_public_ip public_ip FROM xdr_data