Skip to content

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/central/partner/help/en-us/index.html?contextId=endpoint-data-collection-policy

Data Collection and Investigation Policy

The Data Collection and Investigation policy lets you upload data from servers to the Sophos Data Lake. The policy also lets you use Live Response to access and investigate servers.

To view or edit the policy, do as follows:

  1. Go to Configure > Settings & policies.
  2. Under Global customer settings, click Global templates.
  3. Select a policy, then click Base policies.
  4. Under Name, click Data Collection and Investigation.

Next, configure the settings below.

Live Response

You must be a Partner Super Admin to change Live Response settings.

Allow Live Response connections to computers: This setting lets you connect directly to computers to investigate and remediate possible security issues.

You can use Live Response to stop suspicious processes, restart computers with pending updates, browse folders, delete files, and more.

Live Response is turned off by default.

For more information on using Live Response, see Set up and start Live Response.

Data Lake uploads

!!! info "You must be a Partner Super Admin to change Data Lake upload settings.

Upload to the Data Lake: This setting allows computers and products to upload security data to the Sophos Data Lake. You can query this data with Live Discover or our AI assistant.

Data Lake uploads are turned on by default.

Note

If you have a large environment, you might experience a sudden increase in network traffic when Data Lake uploads are turned on.

For more information on Data Lake uploads, see Data Lake uploads.

Note

You can add data from other Sophos products and third-party products to our Data Lake. For a list, see Products.