Release Notes & News

We continue to make excellent progress to the intended May release of the Data Lake version of the product. This week I wanted to demonstrate some of the capabilities we have just added around Pivots and the Depth of information available for admins ...

Welcome to the EDR Data Lake EAP (Early Access Program). How do I learn more In this forum you will find a number of documents, videos, queries and posts explaining the program and if you have any questions you can post them to the discussions area ...

I hope you all enjoyed the series as much as we did in running it - it sounds from talking to some of you that the topics covered were useful and it was great to see so much interaction during the sessions. We plan to to run another Threat Hunti...

Having attended the series, to become a Sophos EDR Certified Admin, you now just need to take a short test to validate your knowledge. Completion of this (the pass mark is 80%) will automatically send over your certificate, which you can print out an...

After the launch of Intercept X Advanced with EDR in late 2018, we introduced the EDRv1 Data Feed (aka Trickle Feed) functionality to enable Administrators to easily view Threat Indicators and perform Threat Searches. Now there is a better way! The L...

Welcome to Monday everyone!  We're busily getting ready for our final session in the series tomorrow, where we'll be running through a live threat hunt with all of you. Can't wait to get started with it - should be fun Don't fo...

Hope you all enjoyed today's session - I love seeing this end of the chain; as Ben said on the EMEA session, this is the 'fun' bit where everything we've learnt so far comes together! Here's links to a few resources that we mentio...

Watch the video from the technical demo where we cover how to use Live Discover datalake queries. Video: https://vimeo.com/519661823 Queries used during SophSkills Demo DATA LAKE - List all EP and FW tables in the data lake This query will need ...

Hi Community,  A new version of Intercept X has been released to our Sophos Central customers. The release updates: Sophos Central Intercept X version to 2.0.20 HitmanPro.Alert component version to 3.8.1.504 Resolved issues Resolved issues fo...

Great to see so many of you on the session today and interacting - thanks! I hope the new platform worked well for you. Here's a few query resources that I wanted to share following Andy's session: https://community.sophos.com/intercept-x-endpoin...

For those enrolled in the XDR & EDR Data Lake early access program (EAP), this week we will be launching new pivoting capabilities which allow administrators to rapidly navigate from the result of one query to an available Action, Query, or Enric...

Thanks Kris for a great session today!  Kris used quite a few queries which are listed below for you to test out and use on your network: RDP Status- https://community.sophos.com/intercept-x-endpoint/i/query-forum/simple-query-to-audit-microsof...

Just a quick note to say that session 1 is now available at the on-demand page, for you to review and please share with colleagues! https://events.sophos.com/threatacademyondemand  We'll get other sessions up as soon as possible after they&#...

Hi Community,  The following is being released to Sophos Central Window Servers: Server Core Agent 2.15.4 Endpoint Advanced 10.8.10 The following are changes of note introduced in this release: Enablement of Tamper Protection in safe boot Upd...

Great interaction again on today's session - thanks for joining in! I loved having a proper look at how code can be executed on your network and devices, and what Sophos EDR can do to help you threat hunt. We'll see more of that power in the remainin...

I hope you enjoyed the first session - that's just a taster of the amazing content we've got for you in the next couple of weeks! There were a couple of resources mentioned in the session which I've listed below for reference in case: VirusTotal -&n...

The latest of our Live Response enhancements is now available to customers with the release of our new Live Response per session audit logs.   Typically a few minutes after running a Live Response session, if you navigate to the Logs and R...

Welcome! This page is where we'll post any follow-on resources from the Threat Hunting Academy series, so that you can continue to learn and explore after the sessions. Do let us know in the Comments below if you have any feedback or extra informati...

With the data lake we can do some interesting IOC hunts that perform counts across all devices for similar IOC's and with some use of variables we allow for the administrator to rapidly focus on things of interest. Watch the Video: https://vimeo.com/...

Hello Community. A new version of Sophos Central Endpoint for macOS and Sophos Anti-virus for macOS (OPM) has been released now.  The release versions are:  Central 10.0.4 OPM 9.10.2  Release information This release contains th...

We're pleased to announce that the XDR & EDR Data Lake Early Access Program is now publicly available to our Intercept X Endpoint and Server customers. For customers who join and enroll devices into these endpoint and/or server early access progr...

For anyone who's joined the XDR & EDR Data Lake Early Access Program, we've been providing instructions on the different steps to join and enroll devices but I thought it would be useful to have one full blog post covering those steps and also de...

(NEW) Video on Schemas for EDR and Data Lake (15 Min) With the addition of the data lake a significant amount of new information is available.  In this document we will discuss each of the core database schemas. For those that simply want the ...

In this 7min video we show the features that were enabled on Feb 22nd for the Early Access Program for the XDR Data lake. Welcome to the EAP and stay tuned more features are coming in March and April as we add Context aware pivoting to another query...

One of the most frequently used queries by our threat hunting team is a flexible generic search query against the data lake. Often you know exactly what you are looking for but sometimes you want to start from a high level view and work your way deep...