Announcements

We’re excited to announce a new search experience that makes it easier to investigate and hunt threats on the endpoint. This Early Access Program (EAP) is delivering the first major step towards reducing search complexity and enabling you ...

We have been adding the ability to view more detection information both from the Sophos managed devices and from 3rd party integrations. In this update you can now view all detections and manage filters to see just detections that map to a specific M...

For query assistance, please see the following Best Practices guide We have enabled the ability to add the Office 365 Audit log information into the Sophos XDR Data Lake. This capability is available for ALL XDR customers at NO ADDITI...

Now with the XDR Detections EAP open folks can see all activity that has been classified to MITRE ATT&CK. The new page is in the Threat Analysis Center and has lots of really great information on what has been observed in your environment. &...

As previously communicated, from the beginning of June, no new customers are able to enroll into the XDR & EDR Data Lake Endpoint and Server early access programs (EAPs).  For customers who were already enrolled, they are no longer able to a...

As previously communicated, from the beginning of June, no new customers are able to enroll into the XDR & EDR Data Lake Endpoint and Server early access programs (EAPs).  For customers who were already enrolled, they are no longer able to a...

Hello All, With EDRv4 and our new XDR offering having become generally available in mid-May, Sophos will now begin the wind down of the XDR & EDR Data Lake Early Access Programs.  At this point we will not be introducing any new functionalit...

With the release of the product we will be adding scheduled query reports.    This feature is NOT YET available in the EAP but is coming with the general release in mid May.  For those eager to see it before it is complete I have recor...

BRIEF Video on EMAIL and the Data Lake. In this video we show the EMAIL Attachment and URL table that is available in the data lake, we also pivot from a URL seen an an email to ask if any endpoint have ever communicated to that URL and if so what pr...

A 30 min tour of some of the capabilities of Sophos Intercept X with EDR XDR.  In this 30 min video I touch on some of the core concepts in the product and explain a bit about how queries work and show some of the features. It by no means covers...

Often administrators would prefer to see the graphical view of the attack instead of the tables.   With a graphical view it is often MUCH easier to understand what was happening and come to a decision is something is malicious or not. To he...

Lots of new features are going to be enabled on Wed April 21.  We are still on track for GA in mid May. Video:

We continue to make excellent progress to the intended May release of the Data Lake version of the product. This week I wanted to demonstrate some of the capabilities we have just added around Pivots and the Depth of information available for admins ...

Welcome to the EDR Data Lake EAP (Early Access Program). How do I learn more In this forum you will find a number of documents, videos, queries and posts explaining the program and if you have any questions you can post them to the discussions area ...

For query assistance, please see the following Best Practices guide Watch the video from the technical demo where we cover how to use Live Discover datalake queries. https://vimeo.com/519661823 Queries used during SophSkills Demo DATA LAKE...

For those enrolled in the XDR & EDR Data Lake early access program (EAP), this week we will be launching new pivoting capabilities which allow administrators to rapidly navigate from the result of one query to an available Action, Query, or Enric...

For query assistance, please see the following Best Practices guide With the data lake we can do some interesting IOC hunts that perform counts across all devices for similar IOC's and with some use of variables we allow for the administra...

For anyone who's joined the XDR & EDR Data Lake Early Access Program, we've been providing instructions on the different steps to join and enroll devices but I thought it would be useful to have one full blog post covering those steps and also de...

For query assistance, please see the following Best Practices guide (NEW) Video on Schemas for EDR and Data Lake (15 Min) https://vimeo.com/515493008 With the addition of the data lake a significant amount of new information is available....

In this 7min video we show the features that were enabled on Feb 22nd for the Early Access Program for the XDR Data lake. Welcome to the EAP and stay tuned more features are coming in March and April as we add Context aware pivoting to another query...

For query assistance, please see the following Best Practices guide One of the most frequently used queries by our threat hunting team is a flexible generic search query against the data lake. Often you know exactly what you are looking fo...

For query assistance, please see the following Best Practices guide Below is a query that will list all installed applications, the publisher, application name, and version number. It performs some nice counting so you don't have to deal w...

Check out this webinar where the Sophos Engineering and PM team give an introduction on coding against the EDR Data Lake API and walk through using and modifying the Sophos Data Lake Test tool. vimeo.com/.../ad569fd23d

For query assistance, please see the following Best Practices guide I am adding a set of queries to explore information in the data lake from the XG Firewall. For the data lake to have information from the XG Firewall you will need to have...

You can find the getting started guide for the EDR Data Lake APIs available here on the apigee.io site we use. Overview This guide takes you through a few simple steps to start using the new EDR Data Lake APIs in Sophos Central. All our APIs are off...