Note: Use of all features and functionalities provided under the Early Access Program is subject to the Sophos End User License Agreement.

We are excited to announce that Intercept X Advanced with EDR v3.0 with Live Discover is now available in early access.

Live Discover allows admins to search their data to answer almost any question they can think of by searching across their endpoints and servers using SQL. You can choose from a selection of pre-created queries that can be fully customized to pull the exact information that you need and help answer IT operations and threat hunting questions like:

• Why is this device running slow? Is it pending a reboot? 
• Are users running unauthorized browser extensions? 
• Have any processes had their registry keys or files modified recently? 
• Is remote sharing enabled? What guest accounts exist?
• What processes are attempting to make network connections on non-standard ports? 


How to join the Early Access Program (EAP)?

The EAP is open to everyone that has Intercept X and/or Intercept X for Server, even if you don’t currently have EDR.  Customer's currently enrolled in the 'New Endpoint\Server Protection and EDR Features' early access programs won't need to do anything and devices enrolled in to those EAPs will receive the updated software automatically.  Customer's looking to join the early access program should review the presentation available here.  Also check out this video guiding through the process.

Using Live Discover:

Check out these videos which walk through using Live Discover and give an overview of the threat hunting and IT operational use cases where it can support you:

Selecting devices for a query

Using Live Discover to support IT Operations use cases

Using Live Discover for Threat Hunting

Using Live Discover for a forensic investigation

The full library of EDRv3 shared videos can be found here.


Can you help to shape our future products?

We're looking for customers and partners to join our Sophos Design Partner group. Sign up and you'll be able to give us your product feedback and ideas through surveys, interviews, or usability testing.
You'll be helping to make the world a safer place -- and you might win Amazon vouchers while you're doing it.
We’re particularly keen to talk to customers who are using our new EDR features in EAP.
Interested? Contact us at  InterceptBeta [at] Sophos [dot] com


Looking for other ways to provide feedback and get support with EDRv3:

Leverage the Sophos Endpoint Early Access Community where we’ll be providing blogs, videos documentation and forums where we’ll be sharing information and answering your technical questions.

Live Discover Schema:

Details on the osquery schema and the schema supporting the Sophos Data Recorder can be found here.

EDRv3 Known issues:

You can find a list of known early access issues here.