Sophos Community
Site
User
Site
Search
User
Community & Product Forums
Sophos Endpoint
Sophos Firewall
Sophos Central
Sophos Factory
Sophos Mobile
Sophos Cloud Optix
Sophos Sensor
Sophos Switch
Sophos Wireless
Sophos Email
UTM Firewall
Community Blogs & Events
Sophos Community Blog
Community Security Blog
Product Documentation Blog
Application Control
Getting Started
Sophos Partners
Sophos Partners Group
Member Recognition
Community Leaderboards
More
Cancel
Sophos Endpoint
Release Notes & News
EDR Live Response session audit logs
Release Notes & News
Discussions
Recommended Reads
Threat Hunting Academy
Early Access Programs
Live Discover & Response Query Forum
More
Cancel
New
EDR Live Response session audit logs
Live Response
EDR
Subscribe by email
More
Cancel
Share
Subscribe by email
More
Cancel
Related
Recommended
Kevin Kingston
2 Mar 2021
The latest of our Live Response enhancements is now available to customers with the release of our new Live Response per session audit logs.
Typically a few minutes after running a Live Response session, if you navigate to the Logs and Reports page in Central, under ‘Endpoint & Server Protection Logs’ you’ll see the new ‘Live Response session audit’ log:
When you go into the log you’ll see a list of past sessions (we’ll store session logs for the past 90 days).
Note:
Only Super Admins or Admins with the Manage Live Response settings permissions will be able to take the action to download the session logs. The admin can then download a compressed file with details on the commands entered during the session.
One other thing worth pointing out, in the Central Audit log, where the Live Response session start and end entries are logged we are including a link which will open a new tab and bring you into the Live Response session audit report (it just brings you into the report and not doesn’t do anything related to a specific session). You can see an example below:
Sign in to reply