Skip to content

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/central/enterprise/help/en-us/index.html?contextId=endpoint-data-collection-policy

Data Collection and Investigation Policy

The Data Collection and Investigation policy lets you upload data from computers to the Sophos Data Lake. The policy also lets you use Live Response to access and investigate computers.

To view or edit the policy, do as follows:

  1. Click the Settings & Policies icon Settings & Policies icon..
  2. Under Global sub-estate settings, click Global templates.
  3. Select a policy, then click Base policies.
  4. Under Name, click Data Collection and Investigation.

Next, configure the settings below.

Live Response

You must be an Enterprise Super Admin to change Live Response settings.

Allow Live Response connections to computers: This setting lets you connect directly to computers to investigate and remediate possible security issues.

You can use Live Response to stop suspicious processes, restart computers with pending updates, browse folders, delete files, and more.

Live Response is turned off by default.

For more information on using Live Response, see Set up and start Live Response.

Data Lake uploads

You must be an Enterprise Super Admin to change Data Lake upload settings.

Upload to the Data Lake: This setting allows computers and products to upload security data to the Sophos Data Lake. You can query this data with Live Discover or our AI assistant.

Data Lake uploads are turned on by default.

Note

If you have a large environment, you might experience a sudden increase in network traffic when Data Lake uploads are turned on.

For more information on Data Lake uploads, see Data Lake uploads.

Note

You can add data from other Sophos products and third-party products to our Data Lake. For a list, see Products.