Sophos Community: Sophos Endpoint, EDR Data Lake EAP, Announcements
EAP: Simplified, SQL-free search in Sophos XDR
Lauren Horaist
We’re excited to announce a new search experience that makes it easier to investigate and hunt threats on the endpoint. This Early Access Program (EAP) is delivering the first major step towards reducing search complexity and enabling you ...
3 Mar 2023
New Detection views
Karl_Ackerman
We have been adding the ability to view more detection information both from the Sophos managed devices and from 3rd party integrations. In this update you can now view all detections and manage filters to see just detections that map to a specific M...
19 Oct 2022
Now available - MS 365 Azure Audit logs and XDR Data lake
Karl_Ackerman
For query assistance, please see the following Best Practices guide. We have enabled the ability to add the Office 365 Audit log information into the Sophos XDR Data Lake. This capability is available for ALL XDR customers at NO ADDITI...
1 Dec 2021
XDR Detections EAP
Karl_Ackerman
Now with the XDR Detections EAP open folks can see all activity that has been classified to MITRE ATT&CK. The new page is in the Threat Analysis Center and has lots of really great information on what has been observed in your environment. &...
20 Oct 2021
Winding down of the XDR & EDR Data Lake Early Access Program (Update June 30, 2021)
Kevin Kingston
As previously communicated, from the beginning of June, no new customers are able to enroll into the XDR & EDR Data Lake Endpoint and Server early access programs (EAPs). For customers who were already enrolled, they are no longer able to a...
30 Jun 2021
Winding down of the XDR & EDR Data Lake Early Access Program (Update June 16, 2021)
Kevin Kingston
As previously communicated, from the beginning of June, no new customers are able to enroll into the XDR & EDR Data Lake Endpoint and Server early access programs (EAPs). For customers who were already enrolled, they are no longer able to a...
15 Jun 2021
Winding down of the XDR & EDR Data Lake Early Access Program
Kevin Kingston
Hello All, With EDRv4 and our new XDR offering having become generally available in mid-May, Sophos will now begin the wind down of the XDR & EDR Data Lake Early Access Programs. At this point we will not be introducing any new functionalit...
4 Jun 2021
Scheduled Query for automatic report generation (PREVIEW)
Karl_Ackerman
With the release of the product we will be adding scheduled query reports. This feature is NOT YET available in the EAP but is coming with the general release in mid May. For those eager to see it before it is complete I have recor...
21 Apr 2021
EMAIL information now in the data lake
Karl_Ackerman
BRIEF Video on EMAIL and the Data Lake. In this video we show the EMAIL Attachment and URL table that is available in the data lake; we also pivot from a URL seen in an email to ask if any endpoints have ever communicated to that URL and if so what pr...
21 Apr 2021
Intercept X EDR XDR Overview
Karl_Ackerman
A 30 min tour of some of the capabilities of Sophos Intercept X with EDR XDR. In this 30 min video I touch on some of the core concepts in the product and explain a bit about how queries work and show some of the features. It by no means covers...
20 Apr 2021
Generate Threat Case from Live Discovery file path
Karl_Ackerman
Often administrators would prefer to see the graphical view of the attack instead of the tables. With a graphical view it is often MUCH easier to understand what was happening and come to a decision if something is malicious or not. To he...
19 Apr 2021
Update XDR (EMAIL data, Scheduled Reports, Enrichment Pivots)
Karl_Ackerman
Lots of new features are going to be enabled on Wed April 21. We are still on track for GA in mid May. Video:
19 Apr 2021
Pivots and the Depth of information available
Karl_Ackerman
We continue to make excellent progress to the intended May release of the Data Lake version of the product. This week I wanted to demonstrate some of the capabilities we have just added around Pivots and the Depth of information available for admins ...
8 Apr 2021
Frequently asked questions
Karl_Ackerman
Welcome to the EDR Data Lake EAP (Early Access Program). How do I learn more? In this forum you will find a number of documents, videos, queries and posts explaining the program, and if you have any questions you can post them to the discussions area ...
24 Mar 2021
Technical training on XDR Data lake with Queries used
Karl_Ackerman
For query assistance, please see the following Best Practices guide. Watch the video from the technical demo where we cover how to use Live Discover datalake queries.
https://vimeo.com/519661823
Queries used during SophSkills Demo DATA LAKE...
10 Mar 2021
Live Discover Pivoting
Karl_Ackerman
For those enrolled in the XDR & EDR Data Lake early access program (EAP), this week we will be launching new pivoting capabilities which allow administrators to rapidly navigate from the result of one query to an available Action, Query, or Enric...
8 Mar 2021
MITRE ATT&CK Hunting in the Data Lake
Karl_Ackerman
For query assistance, please see the following Best Practices guide. With the data lake we can do some interesting IOC hunts that perform counts across all devices for similar IOC's and with some use of variables we allow for the administra...
26 Feb 2021
All you need to know about getting up and running
Kevin Kingston
For anyone who's joined the XDR & EDR Data Lake Early Access Program, we've been providing instructions on the different steps to join and enroll devices but I thought it would be useful to have one full blog post covering those steps and also de...
22 Feb 2021
Database Schemas explained
Karl_Ackerman
For query assistance, please see the following Best Practices guide. (NEW) Video on Schemas for EDR and Data Lake (15 Min)
https://vimeo.com/515493008
With the addition of the data lake a significant amount of new information is available....
21 Feb 2021
Video of XDR EAP Features
Karl_Ackerman
In this 7 min video we show the features that were enabled on Feb 22nd for the Early Access Program for the XDR Data lake. Welcome to the EAP, and stay tuned: more features are coming in March and April as we add Context aware pivoting to another query...
21 Feb 2021
Powerful Generic Search Query explained
Karl_Ackerman
For query assistance, please see the following Best Practices guide. One of the most frequently used queries by our threat hunting team is a flexible generic search query against the data lake. Often you know exactly what you are looking fo...
21 Feb 2021
Get an Inventory of all installed applications
Karl_Ackerman
For query assistance, please see the following Best Practices guide. Below is a query that will list all installed applications, the publisher, application name, and version number. It performs some nice counting so you don't have to deal w...
21 Feb 2021
EDR Data Lake API Intro Webinar
Kevin Kingston
Check out this webinar where the Sophos Engineering and PM team give an introduction on coding against the EDR Data Lake API and walk through using and modifying the Sophos Data Lake Test tool.
vimeo.com/.../ad569fd23d
18 Nov 2020
XG Firewall data
Karl_Ackerman
For query assistance, please see the following Best Practices guide. I am adding a set of queries to explore information in the data lake from the XG Firewall. For the data lake to have information from the XG Firewall you will need to have...
16 Nov 2020
API Guide - Getting Started
Karl_Ackerman
You can find the getting started guide for the EDR Data Lake APIs available here on the apigee.io site we use. Overview: This guide takes you through a few simple steps to start using the new EDR Data Lake APIs in Sophos Central. All our APIs are off...
2 Nov 2020