Click to view the Japanese version: Intercept X Advanced with EDR のアップデート With the launch of EDR 4.0 in May, Sophos has introduced significant enhancements to the Endpoint Detection and Response (EDR) offering.  A key new EDR component is the S...

Hello All, With EDRv4 and our new XDR offering having become generally available in mid-May, Sophos will now begin the wind down of the XDR & EDR Data Lake Early Access Programs.  At this point we will not be introducing any new functionalit...

We are pleased to announce that today, May 19, we have released some exciting updates for all customers using Sophos EDR (Endpoint Detection and Response) with Intercept X Advanced with EDR and Intercept X Advanced for Server with EDR. What’s n...

Following on from my announcement back in December about changes to AWS and Azure Connectors in Intercept X for Server; i'm pleased to inform you about Cloud Optix Standard. Sophos Intercept X Advanced for Server customers now benefit from C...

Sophos appreciates your assistance. Please make sure to read all the items in this post. Also, please report any issues on the Discussions forum - we need your feedback to help improve the product. Overview This Early Access Program allows...

Hi Community, On behalf of the team, we would like to thank everyone who participated in our Big Sur Early Access Program and especially those who took the time to share their feedback. The team would also like to extend a special thank you...

With the release of the product we will be adding scheduled query reports.    This feature is NOT YET available in the EAP but is coming with the general release in mid May.  For those eager to see it before it is complete I have recor...

BRIEF Video on EMAIL and the Data Lake. In this video we show the EMAIL Attachment and URL table that is available in the data lake, we also pivot from a URL seen an an email to ask if any endpoint have ever communicated to that URL and if so what pr...

A 30 min tour of some of the capabilities of Sophos Intercept X with EDR XDR.  In this 30 min video I touch on some of the core concepts in the product and explain a bit about how queries work and show some of the features. It by no means covers...

Often administrators would prefer to see the graphical view of the attack instead of the tables.   With a graphical view it is often MUCH easier to understand what was happening and come to a decision is something is malicious or not. To he...

Lots of new features are going to be enabled on Wed April 21.  We are still on track for GA in mid May. Video:

We continue to make excellent progress to the intended May release of the Data Lake version of the product. This week I wanted to demonstrate some of the capabilities we have just added around Pivots and the Depth of information available for admins ...

Welcome to the EDR Data Lake EAP (Early Access Program). How do I learn more In this forum you will find a number of documents, videos, queries and posts explaining the program and if you have any questions you can post them to the discussions area ...

Introduction

Welcome to the Sophos EDR Threat Hunting Framework. This document is intended to guide an experienced threat hunter through the process of initiating a hunt, gathering and enriching data, then taking the required action…

I hope you all enjoyed the series as much as we did in running it - it sounds from talking to some of you that the topics covered were useful and it was great to see so much interaction during the sessions. We plan to to run another Threat Hunti...

Having attended the series, to become a Sophos EDR Certified Admin, you now just need to take a short test to validate your knowledge. Completion of this (the pass mark is 80%) will automatically send over your certificate, which you can print out an...

After the launch of Intercept X Advanced with EDR in late 2018, we introduced the EDRv1 Data Feed (aka Trickle Feed) functionality to enable Administrators to easily view Threat Indicators and perform Threat Searches. Now there is a better way! The L...

Welcome to Monday everyone!  We're busily getting ready for our final session in the series tomorrow, where we'll be running through a live threat hunt with all of you. Can't wait to get started with it - should be fun Don't fo...

Hope you all enjoyed today's session - I love seeing this end of the chain; as Ben said on the EMEA session, this is the 'fun' bit where everything we've learnt so far comes together! Here's links to a few resources that we mentio...

Watch the video from the technical demo where we cover how to use Live Discover datalake queries. Video: https://vimeo.com/519661823 Queries used during SophSkills Demo DATA LAKE - List all EP and FW tables in the data lake This query will need ...

Hi Community,  A new version of Intercept X has been released to our Sophos Central customers. The release updates: Sophos Central Intercept X version to 2.0.20 HitmanPro.Alert component version to 3.8.1.504 Resolved issues Resolved issues fo...

Great to see so many of you on the session today and interacting - thanks! I hope the new platform worked well for you. Here's a few query resources that I wanted to share following Andy's session: https://community.sophos.com/intercept-x-endpoin...

For those enrolled in the XDR & EDR Data Lake early access program (EAP), this week we will be launching new pivoting capabilities which allow administrators to rapidly navigate from the result of one query to an available Action, Query, or Enric...

Thanks Kris for a great session today!  Kris used quite a few queries which are listed below for you to test out and use on your network: RDP Status- https://community.sophos.com/intercept-x-endpoint/i/query-forum/simple-query-to-audit-microsof...

Just a quick note to say that session 1 is now available at the on-demand page, for you to review and please share with colleagues! https://events.sophos.com/threatacademyondemand  We'll get other sessions up as soon as possible after they&#...