Release Notes & News

Hi all, This weekend we are making some policy changes relating to the SSL/TLS decryption of HTTPS websites. We will be adding a toggle for SSL/TLS decryption into the Threat Protection policy for all customers. This new setting will determine if En...

We will be enabling the ability to add the Office 365 Audit log information into the Sophos XDR Data Lake. This capability will be available for ALL XDR customers at NO ADDITIONAL CHARGE.  To get early access to the capability you should join th...

Follow Kushal from the Sophos Community Team as he walks you through the Sophos Central Migration Tool. With Enterprise console nearing the end of support, now is the time to migrate to Sophos Central. Watch the full video: https://techvids.sophos.co...

We're working on a new feature to help identify when Central accounts are configured in ways that reduce security, so that admins can take action to improve their protection. Feedback is appreciated at any stage, you can comment on this blog post. ...

Hi all, As you will have read in the Recommended Read from last week; we released an update to Intercept X, 2.0.23. This week we will start enabling new features that are part of the update for devices that are running in the New Endpoint/Server...

Sophos are excited to announce that from today we have started the rollout of the new Detections functionality to all Sophos XDR customers. The rollout is being done in stages with additional functionality being added over time. In this first release...

As part of the regular maintenance of the XDR Live Discover extension from Sophos we review the use of extension tables provided. In that review we see that only 5 customer created queries have leveraged the Public_IP extension table for live discove...

Today we will start uploading data from Intercept X Advanced XDR Mac devices to the Sophos Data Lake where Endpoint Data Lake uploads have been enabled.  The plan is to slowly enable across our customer base doing 30% of accounts today, assumin...

Now with the XDR Detections EAP open folks can see all activity that has been classified to MITRE ATT&CK. The new page is in the Threat Analysis Center and has lots of really great information on what has been observed in your environment. &...

This EAP is a persistent program where you can subscribe to the latest and greatest new features and fixes. Participants are encouraged to try out these features and provide feedback to or development team to help improve the product.  Improveme...

Hi all, HTTPS inspection is being enabled by default for devices in the EAP now that the roll out has finished, (both Endpoint and Server). When users visit websites via browsers the Sophos endpoint will decrypt HTTPS network traffic for the pur...

We are excited to announce the opening of the Detections and Investigations Early Access Program (EAP).  The EAP begins with the introduction of the Detections dashboard which provides a prioritized list of suspicious activity for further invest...

With XDR we have access to the OSQuery supported tables and the ability to write our own SQL queries that can include variables.  One of the tables available is a YARA table.  This allows you to supply a signature file and path and the unde...

Hi Community, On behalf of the team, we would like to thank everyone who participated in our Apple M1 (ARM) Early Access Program, especially those who took the time to share their feedback. With Apple M1 (ARM) now officially supported,...

Over the past few weeks and coming weeks we have/will release some new Intercept X Advanced with XDR features that I wanted to make everyone aware of. Live Discover Customer Defined Enrichments: Customers can now define their own Live Discover data e...

Just a quick note to say that all of Season 2 is now available at the on-demand page, for you to review and please share with colleagues! https://events.sophos.com/sophosthreathuntingacademy2  We have one more video to come which will...

Having attended the series, to become a Sophos XDR Certified Admin, you now just need to take a short test to validate your knowledge. Completion of this (the pass mark is 80%) will automatically send over your certificate, which you can print out an...

Hi all, On July 22nd we launch our Server Protection anti-virus plugin for all customers, so you can now run on-demand scans of your Linux servers. This update will provide the following features and functionality: Next generation threat detect...

For the typical Central administrator using Live Discover, often times you are just looking to run a pre-canned query to get results as quick and easy as possible so we've made some changes in Central to help simplify using Live Discover for those ad...

I really enjoyed today's session - I hope you did too! Really interesting content from Brandon, and great to see the power of Firewall and Server working together. There's a number of good Threat Simulation platforms as we discussed in today&...

Great sessions this week - thanks to all of you for joining in with the conversations. Here's some of the areas Ben covered in his session, and the resources that you might want to explore further... As mentioned in our discussions it's ofte...

Great to see so many of you on the sessions today - thanks for tuning in and getting stuck into the interactive side. It's really good knowing we have so many keen threat hunters out there! Here's a collection of resources from Ashek - please do let ...

We're less than 2 days out from kicking off the next season of the Sophos Threat Hunting Academy, and I for one can't wait to get started! We have some much we want to share with you this time round, and the power you can add to your threat hunting w...

In May, we achieved a few significant strategic milestones in our product roadmap.  This included advancements in our EDR offering, the introduction of the Sophos Data Lake, and the launch of Extended Detection and Response (XDR) with integrati...