Sophos Community
EDR Data Lake EAP
Announcements

  • EAP: Simplified, SQL-free search in Sophos XDR
    Lauren Horaist
    We’re excited to announce a new search experience that makes it easier to investigate and hunt threats on the endpoint. This Early Access Program (EAP) is delivering the first major step towards reducing search complexity and enabling you ...
    • 3 Mar 2023
  • New Detection views
    Karl_Ackerman
    We have been adding the ability to view more detection information both from the Sophos managed devices and from 3rd party integrations. In this update you can now view all detections and manage filters to see just detections that map to a specific M...
    • 19 Oct 2022
  • Now available - MS 365 Azure Audit logs and XDR Data lake
    Karl_Ackerman
    For query assistance, please see the following Best Practices guide. We have enabled the ability to add the Office 365 Audit log information into the Sophos XDR Data Lake. This capability is available for ALL XDR customers at NO ADDITI...
    • 1 Dec 2021
  • XDR Detections EAP
    Karl_Ackerman
    Now with the XDR Detections EAP open folks can see all activity that has been classified to MITRE ATT&CK. The new page is in the Threat Analysis Center and has lots of really great information on what has been observed in your environment. ...
    • 20 Oct 2021
  • Winding down of the XDR & EDR Data Lake Early Access Program (Update June 30, 2021)
    Kevin Kingston
    As previously communicated, from the beginning of June, no new customers are able to enroll into the XDR & EDR Data Lake Endpoint and Server early access programs (EAPs). For customers who were already enrolled, they are no longer able to a...
    • 30 Jun 2021
  • Winding down of the XDR & EDR Data Lake Early Access Program (Update June 16, 2021)
    Kevin Kingston
    As previously communicated, from the beginning of June, no new customers are able to enroll into the XDR & EDR Data Lake Endpoint and Server early access programs (EAPs). For customers who were already enrolled, they are no longer able to a...
    • 15 Jun 2021
  • Winding down of the XDR & EDR Data Lake Early Access Program
    Kevin Kingston
    Hello All, With EDRv4 and our new XDR offering having become generally available in mid-May, Sophos will now begin the wind down of the XDR & EDR Data Lake Early Access Programs. At this point we will not be introducing any new functionalit...
    • 4 Jun 2021
  • Scheduled Query for automatic report generation (PREVIEW)
    Karl_Ackerman
    With the release of the product we will be adding scheduled query reports. This feature is NOT YET available in the EAP but is coming with the general release in mid May. For those eager to see it before it is complete I have recor...
    • 21 Apr 2021
  • EMAIL information now in the data lake
    Karl_Ackerman
    BRIEF Video on EMAIL and the Data Lake. In this video we show the EMAIL Attachment and URL table that is available in the data lake, we also pivot from a URL seen in an email to ask if any endpoints have ever communicated to that URL and if so what pr...
    • 21 Apr 2021
  • Intercept X EDR XDR Overview
    Karl_Ackerman
    A 30 min tour of some of the capabilities of Sophos Intercept X with EDR XDR. In this 30 min video I touch on some of the core concepts in the product and explain a bit about how queries work and show some of the features. It by no means covers...
    • 20 Apr 2021
  • Generate Threat Case from Live Discovery file path
    Karl_Ackerman
    Often administrators would prefer to see the graphical view of the attack instead of the tables. With a graphical view it is often MUCH easier to understand what was happening and come to a decision if something is malicious or not. To he...
    • 19 Apr 2021
  • Update XDR (EMAIL data, Scheduled Reports, Enrichment Pivots)
    Karl_Ackerman
    Lots of new features are going to be enabled on Wed April 21. We are still on track for GA in mid May. Video:
    • 19 Apr 2021
  • Pivots and the Depth of information available
    Karl_Ackerman
    We continue to make excellent progress to the intended May release of the Data Lake version of the product. This week I wanted to demonstrate some of the capabilities we have just added around Pivots and the Depth of information available for admins ...
    • 8 Apr 2021
  • Frequently asked questions
    Karl_Ackerman
    Welcome to the EDR Data Lake EAP (Early Access Program). How do I learn more? In this forum you will find a number of documents, videos, queries and posts explaining the program and if you have any questions you can post them to the discussions area ...
    • 24 Mar 2021
  • Technical training on XDR Data lake with Queries used
    Karl_Ackerman
    For query assistance, please see the following Best Practices guide. Watch the video from the technical demo where we cover how to use Live Discover datalake queries. https://vimeo.com/519661823 Queries used during SophSkills Demo DATA LAKE...
    • 10 Mar 2021
  • Live Discover Pivoting
    Karl_Ackerman
    For those enrolled in the XDR & EDR Data Lake early access program (EAP), this week we will be launching new pivoting capabilities which allow administrators to rapidly navigate from the result of one query to an available Action, Query, or Enric...
    • 8 Mar 2021
  • MITRE ATT&CK Hunting in the Data Lake
    Karl_Ackerman
    For query assistance, please see the following Best Practices guide. With the data lake we can do some interesting IOC hunts that perform counts across all devices for similar IOCs and with some use of variables we allow for the administra...
    • 26 Feb 2021
  • All you need to know about getting up and running
    Kevin Kingston
    For anyone who's joined the XDR & EDR Data Lake Early Access Program, we've been providing instructions on the different steps to join and enroll devices but I thought it would be useful to have one full blog post covering those steps and also de...
    • 22 Feb 2021
  • Database Schemas explained
    Karl_Ackerman
    For query assistance, please see the following Best Practices guide. (NEW) Video on Schemas for EDR and Data Lake (15 Min) https://vimeo.com/515493008 With the addition of the data lake a significant amount of new information is available....
    • 21 Feb 2021
  • Video of XDR EAP Features
    Karl_Ackerman
    In this 7min video we show the features that were enabled on Feb 22nd for the Early Access Program for the XDR Data lake. Welcome to the EAP and stay tuned, more features are coming in March and April as we add Context aware pivoting to another query...
    • 21 Feb 2021
  • Powerful Generic Search Query explained
    Karl_Ackerman
    For query assistance, please see the following Best Practices guide. One of the most frequently used queries by our threat hunting team is a flexible generic search query against the data lake. Often you know exactly what you are looking fo...
    • 21 Feb 2021
  • Get an Inventory of all installed applications
    Karl_Ackerman
    For query assistance, please see the following Best Practices guide. Below is a query that will list all installed applications, the publisher, application name, and version number. It performs some nice counting so you don't have to deal w...
    • 21 Feb 2021
  • EDR Data Lake API Intro Webinar
    Kevin Kingston
    Check out this webinar where the Sophos Engineering and PM team give an introduction on coding against the EDR Data Lake API and walk through using and modifying the Sophos Data Lake Test tool. vimeo.com/.../ad569fd23d
    • 18 Nov 2020
  • XG Firewall data
    Karl_Ackerman
    For query assistance, please see the following Best Practices guide. I am adding a set of queries to explore information in the data lake from the XG Firewall. For the data lake to have information from the XG Firewall you will need to have...
    • 16 Nov 2020
  • API Guide - Getting Started
    Karl_Ackerman
    You can find the getting started guide for the EDR Data Lake APIs available here on the apigee.io site we use. Overview This guide takes you through a few simple steps to start using the new EDR Data Lake APIs in Sophos Central. All our APIs are off...
    • 2 Nov 2020
© 1997 - 2023 Sophos Ltd. All rights reserved.