Hi,
due to some strange German law, there must be some wistle-blowing URL to be excluded from decrypting but also from logging.
is that possible with Sophos Endpoint / Central?
What about Datalake?
Though it's a nightmare in terms of security, authorities believe it's the best option for employees to use it's companies IT infrastructure to report towards a cloud based whistle-blowing system.
Hi LHerzog,
Thanks for reaching out.
Can you provide me with any additional references to the websites in question or possibly some documentation on the government websites that go into detail regarding this so I may share it with our team?
Web Control will only log an event if the website is blocked. Once the website-blocked entry is created it’s not possible to delete the event from the events list. It’s also not possible to delete items from the Data Lake.
Some additional information on data retention:
Data in the Sophos Data Lake will be stored for 30 days for Intercept X Endpoint and Server XDR customers.
XDR customers who have also purchased Central Firewall Reporting will be able to access up to 1 year of data in the Sophos Data Lake within Firewall Reporting. XDR customers are limited to the last 30 days of data analysis.
Allow me some time to inquire with our team, and I will update you here.
I've followed up with our team now and will keep you updated on this.
I've followed up with our team now and will keep you updated on this.
