Announcements

We continue to make excellent progress to the intended May release of the Data Lake version of the product. This week I wanted to demonstrate some of the capabilities we have just added around Pivots and the Depth of information available for admins ...

Welcome to the EDR Data Lake EAP (Early Access Program). How do I learn more In this forum you will find a number of documents, videos, queries and posts explaining the program and if you have any questions you can post them to the discussions area ...

Watch the video from the technical demo where we cover how to use Live Discover datalake queries. Video: https://vimeo.com/519661823 Queries used during SophSkills Demo DATA LAKE - List all EP and FW tables in the data lake This query will need ...

For those enrolled in the XDR & EDR Data Lake early access program (EAP), this week we will be launching new pivoting capabilities which allow administrators to rapidly navigate from the result of one query to an available Action, Query, or Enric...

With the data lake we can do some interesting IOC hunts that perform counts across all devices for similar IOC's and with some use of variables we allow for the administrator to rapidly focus on things of interest. Watch the Video: https://vimeo.com/...

For anyone who's joined the XDR & EDR Data Lake Early Access Program, we've been providing instructions on the different steps to join and enroll devices but I thought it would be useful to have one full blog post covering those steps and also de...

(NEW) Video on Schemas for EDR and Data Lake (15 Min) With the addition of the data lake a significant amount of new information is available.  In this document we will discuss each of the core database schemas. For those that simply want the ...

In this 7min video we show the features that were enabled on Feb 22nd for the Early Access Program for the XDR Data lake. Welcome to the EAP and stay tuned more features are coming in March and April as we add Context aware pivoting to another query...

One of the most frequently used queries by our threat hunting team is a flexible generic search query against the data lake. Often you know exactly what you are looking for but sometimes you want to start from a high level view and work your way deep...

Below is a query that will list all installed applications, the publisher, application name, and version number. It performs some nice counting so you don't have to deal with a long list of duplicates.  You can quickly search for rare applic...

Check out this webinar where the Sophos Engineering and PM team give an introduction on coding against the EDR Data Lake API and walk through using and modifying the Sophos Data Lake Test tool. vimeo.com/.../ad569fd23d

I am adding a set of queries to explore information in the data lake from the XG Firewall. For the data lake to have information from the XG Firewall you will need to have an XG FW License with Cloud Firewall reporting enabled. Once the firewall is c...

You can find the getting started guide for the EDR Data Lake APIs available here on the apigee.io site we use. Overview This guide takes you through a few simple steps to start using the new EDR Data Lake APIs in Sophos Central. All our APIs are off...

Hi all I have started populating the queries section of the forum.  I Expect to put about 50 queries into the forum to perform the basic navigation and exploration of the data.  Once I get those loaded in we will start adding more interesti...