Welcome to the EDR Data Lake EAP (Early Access Program).
How do I learn more?
How do I join the EAP?
What is included in the Early Access Program?
For customers who join and enroll devices into these endpoint and/or server early access programs, the endpoint/server version installed on enrolled devices will run scheduled, Sophos-managed, threat-hunting-focused queries (similar to those run by the Sophos Managed Threat Response team). The query results will be stored in the new Sophos Data Lake, which is queryable via APIs and also via our Live Discover functionality in Sophos Central. The Sophos Data Lake will include XG Firewall data if Central Firewall reporting is enabled. This new functionality means that customers will be able to threat hunt using this offline data regardless of the actual state of the device. Admins will have the ability to:
What information is included in the data lake?
How much information does each endpoint send to the data lake?
Will all my devices be filling the Data Lake with information? Can I select which devices will participate?
Can I test the Data Lake if I do not know how to use APIs? Will Sophos supply any test tools?
Will Sophos provide sample queries for me to use?
Are there any known issues to be aware of?