The test tool will be available as a Git project for download, and is also included here as a ZIP file.
Install Instructions:
- Install Python 3.8 or above on a Windows device that is protected by Central Intercept X with EDR for the account
- During the install, indicate that it should update the PATH value
- https://www.python.org/downloads/
- Once Python is installed, download and extract the XDR_Query ZIP.
- Open a cmd.exe terminal shell as admin and run pip install -r requirements.txt from the folder containing the tool
- You can now launch the Data Lake API test tool, xdr_query_gui.py:
- C:\XDR_API_V2>xdr_query_gui.py
Looking for queries? Check out the file section in the forum to download query files you can load into the tool, and also look in the query sections for examples and the output you should see. https://community.sophos.com/intercept-x-endpoint/edr-data-lake-eap/i/queries