For query assistance, please see the following Best Practices guide


As part of the regular maintenance of the XDR Live Discover extension from Sophos, we review the use of the extension tables provided.

In that review we see that only 5 customer-created queries have leveraged the public_ip extension table for Live Discover, and for performance reasons we will be removing that extension table.

DEPRECATED OCTOBER 21, 2021:

| Table | Field | Type |
|---|---|---|
| public_ip | public_ip | TEXT |

SUPPORT WILL BE REMOVED IN JANUARY 2022

Public IP information for a device will remain available in the Data Lake xdr_data table:

SELECT DISTINCT
   meta_hostname ep_name,
   meta_public_ip public_ip
FROM xdr_data