Intercept X with XDR Data Lake

Sophos Extended Detection and Response (XDR) lets you search for potential threats and monitor devices by looking at data in the cloud.

Sophos XDR includes all the threat hunting, analysis, and remediation functions already available in Sophos EDR but extends them with the Data Lake feature.

The Data Lake makes data about your devices available in the cloud. You can then use Sophos Live Discover to do as follows:
  • Run security queries on all your devices, even if they're not connected.
  • Query data from the past 7 days or the past 30 days (depending on your license).
  • Schedule your queries.
  • Query security data from multiple Sophos products, including Sophos Firewall and Sophos Email, as well as Intercept X.

The Data Lake is available with an Intercept X license that includes EDR. Advanced features like querying data from multiple products require a license that includes XDR.

To get started with Data Lake queries, go to Overview > Threat Analysis Center > Live Discover.

For help, see Live Discover.