For anyone who's joined the EDR Data Lake Early Access Program, we've been providing instructions on the different steps to join and enroll devices but I thought it would be useful to have one full blog post covering those steps and also detailing how to acquire and use the test tool to query the Data Lake APIs so here you go.
Step 1: Joining the EAP and enrolling devices
On requesting to join the Early Access Program, Sophos will ask for the region of the Central account you plan to use for your testing. To identify the region of your account you can follow these steps:
The presentation available here will then walk you through joining the EAP, entering your invitation code and enrolling devices into the EAP.
A few things to note:
Step 2: Get your credentials for connecting to the API:
This step is in preparation for getting the test tool up and running. To run the test tool (or if you use some other method to connect to the APIs), you will need a client ID and client secret. To obtain those details:
Step 3: Downloading, setting up the test tool and running queries
Select a Windows system managed by the Central account being used for the EAP. You can use this system to run the test tool and query the Data Lake. On this system you will need to install Python 3.8 or above. You can download it from here:
Important: During the Python install, choose the option to update the PATH value.
Note: At the end of the install there is also an option to remove the default 260-character path length limit. It's been suggested that on a Windows system that's been running for a while you may want to choose this option as well.
Once Python is installed, the EDR Data Lake Test tool can be downloaded from GitHub here (click the Code dropdown and choose the option to 'Download ZIP'):
At this point you are able to run queries. A query can be entered directly into the query text box in the tool, or loaded from a file via the File menu's 'Load Query' option; then click Run Query to execute it. Results should appear in the Output text box.
A collection of about 80 queries can be found here in the Files section of the community. Just download and extract the zip file.
Note: The command shell used to start the tool will remain open and will provide debug details on what is happening with the tool.
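Before starting the tool it is worth confirming the prerequisites from Step 3 on the chosen Windows system. The script below is an added example, not part of the original post or the test tool: it checks that python is on PATH, that its version is 3.8 or above, and whether the installer's "disable path length limit" option was applied (that option sets the LongPathsEnabled registry value to 1). The function name is my own.

```powershell
# Added prerequisite check for Step 3 (not part of the original post or the test tool).
# Verifies: python resolves on PATH, version is 3.8+, and whether the installer's
# "Disable path length limit" option was applied (LongPathsEnabled = 1).
function Test-DataLakeToolPrereqs {
    $ok = $true

    # The installer's "Add Python to PATH" option is what makes this resolve.
    $py = Get-Command python -ErrorAction SilentlyContinue
    if (-not $py) {
        Write-Warning "python is not on PATH; re-run the installer and tick the PATH option."
        return $false
    }
    Write-Host "python found at: $($py.Source)"

    # 'python --version' prints e.g. "Python 3.11.4"; strip the prefix and parse.
    $verText = ((& $py.Source --version 2>&1) -join '') -replace '^Python\s+', ''
    $ver = [version]$verText.Trim()
    if ($ver -lt [version]'3.8') {
        Write-Warning "Python $ver is too old; the tool needs 3.8 or above."
        $ok = $false
    } else {
        Write-Host "Python $ver meets the 3.8+ requirement."
    }

    # The installer's "Disable path length limit" option sets this value to 1.
    $fs = 'HKLM:\SYSTEM\CurrentControlSet\Control\FileSystem'
    $longPaths = (Get-ItemProperty -Path $fs -Name LongPathsEnabled -ErrorAction SilentlyContinue).LongPathsEnabled
    if ($longPaths -eq 1) {
        Write-Host "Long paths enabled (260-character limit removed)."
    } else {
        Write-Host "Long paths not enabled; optional, but consider it on a long-running system."
    }

    return $ok
}

Test-DataLakeToolPrereqs
```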
If you have any questions on these instructions or anything else, or want to provide feedback, please use the Discussion section of this community here and we'll get back to you ASAP.