Since making Threat Indicators available to Intercept X Advanced with EDR and Intercept X with EDR for Server customers in July, Sophos has continued to enhance the feature and has now declared it Generally Available.
Threat Indicators addresses the #1 most requested feature from EDR users: knowing where to start an investigation. Admins now get a prioritized list of the most suspicious activity, so they know what needs to be investigated and how urgently it needs to be addressed. Admins see the most suspicious undetected files ranked by suspicion level, together with when each file was first seen, how many machines are impacted, and whether the file has executed.
Since the Beta launched in July, customers will notice:
- A new summary banner detailing the number of High, Medium and Low Suspicion items identified
- New additional filters which now allow filtering by Suspicion Level and Date
- A 'likely PUA' tag to give better context as to whether a file is leaning more towards being a Potentially Unwanted Application rather than being malicious
- Tuned scoring thresholds, so customers should see much shorter lists of files identified as suspicious, rather than a very large number of items falling into the low suspicion category
The list of suspicious activity is generated using machine learning technology built by the SophosLabs Data Science team.
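The triage view described above (a prioritized list ranked by suspicion level, first-seen date, impacted machine count and execution status, with a High/Medium/Low summary banner and filters by level and date) can be modelled in a few lines. The following is an added illustration, not Sophos code and not how the product computes its scores: the records, hashes and tie-break order are constructed assumptions. The ranking rule assumed here is: higher suspicion level first, then files that have executed, then more impacted machines, then the earliest first-seen date (longest presence in the estate).

```python
from dataclasses import dataclass
from datetime import date

# Suspicion levels as shown in the summary banner, highest first
LEVEL_RANK = {"High": 3, "Medium": 2, "Low": 1}


@dataclass(frozen=True)
class SuspiciousFile:
    """One row of the Threat Indicators list (constructed model, not the product's schema)."""
    sha256: str          # placeholder identifier, not a real hash or IoC
    level: str           # "High", "Medium" or "Low"
    first_seen: date     # when the file was first observed in the estate
    machines: int        # number of impacted machines
    executed: bool       # whether the file has run
    likely_pua: bool = False  # 'likely PUA' tag: leaning towards unwanted rather than malicious

    def __post_init__(self):
        if self.level not in LEVEL_RANK:
            raise ValueError(f"unknown suspicion level: {self.level!r}")


# Constructed sample data; placeholder identifiers, no real detections
SAMPLE = [
    SuspiciousFile("PLACEHOLDER-SHA256-1", "Low", date(2019, 9, 1), 1, False),
    SuspiciousFile("PLACEHOLDER-SHA256-2", "High", date(2019, 9, 20), 3, True),
    SuspiciousFile("PLACEHOLDER-SHA256-3", "Medium", date(2019, 9, 10), 12, True, likely_pua=True),
    SuspiciousFile("PLACEHOLDER-SHA256-4", "High", date(2019, 9, 15), 40, False),
    SuspiciousFile("PLACEHOLDER-SHA256-5", "High", date(2019, 9, 5), 3, True),
]


def triage_order(files):
    """Return files in the order an analyst should look at them (assumed ranking rule)."""
    return sorted(
        files,
        key=lambda f: (
            -LEVEL_RANK[f.level],  # High before Medium before Low
            not f.executed,        # executed files before ones that never ran
            -f.machines,           # wider impact first
            f.first_seen,          # earliest seen first (longest dwell time)
        ),
    )


def summary_banner(files):
    """Count items per suspicion level, as in the summary banner."""
    counts = {"High": 0, "Medium": 0, "Low": 0}
    for f in files:
        counts[f.level] += 1
    return counts


def filter_files(files, levels=None, since=None, until=None):
    """Apply the Suspicion Level and Date filters (inclusive date range on first_seen)."""
    out = []
    for f in files:
        if levels is not None and f.level not in levels:
            continue
        if since is not None and f.first_seen < since:
            continue
        if until is not None and f.first_seen > until:
            continue
        out.append(f)
    return out


def describe(f):
    """One-line rendering of a row, including the 'likely PUA' tag where set."""
    tag = " [likely PUA]" if f.likely_pua else ""
    ran = "executed" if f.executed else "not executed"
    return f"{f.level:<6} {f.sha256}  first seen {f.first_seen}  {f.machines} machine(s)  {ran}{tag}"


if __name__ == "__main__":
    print("Summary:", summary_banner(SAMPLE))
    for row in triage_order(filter_files(SAMPLE, levels={"High", "Medium"})):
        print(describe(row))
```

Filtering happens before ranking, so an analyst who selects only High items over the last week sees a short list that still respects the same ordering rule; the banner counts are computed over the unfiltered list so the headline numbers do not change as filters are applied.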
Learn more about Threat Indicators: