Skip to content

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/central/enterprise/help/en-us/index.html?contextId=server-data-collection-policy

Server Data Collection and Investigation Policy

The Data Collection and Investigation policy lets you upload data from servers to the Sophos Data Lake. This policy also lets you use Live Response to access and investigate servers.

To view or edit the policy, do as follows:

  1. Go to Configure > Settings & policies.
  2. Under Global customer settings, click Global templates.
  3. Select a policy, then click Base policies.
  4. Under Name, click Data Collection and Investigation.

Next, configure the settings below.

Live Response

You must be an Enterprise Super Admin to change Live Response settings.

Allow Live Response connections to servers: This setting lets you connect directly to any supported server on your network to investigate and remediate possible security issues.

You can use Live Response to stop suspicious processes, restart devices with pending updates, browse folders, delete files, and more.

Live Response is turned off by default.

For more information on using Live Response, see Set up and start Live Response.

Data Lake uploads

You must be an Enterprise Super Admin to change Data Lake upload settings.

Upload to the Data Lake: This setting allows your servers to upload security data to the Sophos Data Lake. You can query this data with Live Discover or our AI assistant.

Data Lake uploads are turned on by default.

Note

If you have a large environment, you might experience a sudden increase in network traffic when Data Lake uploads are turned on.

For more information on Data Lake uploads, see Data Lake uploads.

Note

You can add data from other Sophos products and third-party products to our Data Lake. For a list, see Products.