This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How often do servers/endpoints upload to the data lake?

There appears to be a delay between when an event happens on a server or endpoint and when I can run a live discover query on that data in the data lake. How long does it take for the Sophos agent to synchronize or upload it's data to the data lake?

This thread was automatically locked due to age.

Parents

0 RichardP over 3 years ago

Each different element in the query pack has its own schedule. They are bundled together and uploaded at a regular interval - I will double check the exact interval.

However, there is also a local daily limit to the total amount of data an endpoint can upload - if it exceeds that limit it will throttle and not send anything further until the next day.

RichardP

Program Manager, Support Readiness | CISSP | Sophos Technical Support
Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' link.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 RichardP over 3 years ago

Each different element in the query pack has its own schedule. They are bundled together and uploaded at a regular interval - I will double check the exact interval.

However, there is also a local daily limit to the total amount of data an endpoint can upload - if it exceeds that limit it will throttle and not send anything further until the next day.

RichardP

Program Manager, Support Readiness | CISSP | Sophos Technical Support
Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' link.
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data