
Sophos EDR 4.0 - Now with DataLake
Sophos
Sophos Data Lake stores critical information from your EDR-enabled endpoints and servers, which means you can access that data even when those devices are offline.
Not only does the Sophos Data Lake allow you to retrieve important data from devices even when they are not online (e.g. if they were taken offline during an attack or a laptop was misplaced), but it also enables event correlation on a much broader scale. For example, you can quickly identify that a suspicious account is logged in across multiple devices.
Then, once you've identified an area of interest, you can query the device with Live Discover and get incredibly rich live data and remotely access the device via Live Response to take appropriate action. It's the best of both worlds.
You get 7 days of retention in the Data Lake by default (30 days with Sophos XDR), in addition to the up to 90 days of data already stored directly on the devices.
Please note that you need to activate the Sophos Data Lake. In your Sophos Central console, select 'Global settings' and then under 'Endpoint or server protection' (or both), select 'Data Lake uploads' and enable the 'Upload to Data Lake' toggle. In the same window, you can also select which devices send data to the Sophos Data Lake.
Sophos Data Lake is available now for Windows and Linux devices. Mac support will follow later this year.
Scheduled queries
One of the most requested features of this release is the introduction of scheduled queries so that you always have critical information at hand. Queries can be scheduled to run overnight so that important data is ready for analysis the next day.
To set up a scheduled query, you must first select a query by going to the Threat Analysis Centre and then to Live Discover. Once you have selected the query you want to run, a new option will appear that allows you to schedule the query instead of running it immediately.
If the query has been successfully scheduled, it will appear in your 'Scheduled Queries' list.
Scheduled queries are now available for Sophos Data Lake queries on Windows and Linux devices, with Mac support to follow later this year. Scheduled on-disk queries will also be available later this year.
Improved usability
Improved workflows and pivoting get you to important information faster, so you can take action and respond more quickly.