We are continuing to make improvements to the XDR Detections and Investigation console. Sophos is continuously developing new features and refining how existing ones work, and if you use the product regularly you will notice these improvements rolling out every few weeks. The team is eager to get those features into your hands quickly, so instead of a big release and upgrade once or twice a year we are providing many new features as they become available. The most significant features will be shown in a notification box to draw your attention to the new capability, but lots and lots of new features will simply be released once we have completed testing on them. Enjoy, and here is a list of some of the most recent enhancements.

  • Time Filters for Data Lake queries:
    • Now when running a query against the data lake you can specify the time range that the query will work over. The default is 7 days, but you can adjust that to any range of time within the 30-day data retention period.

  • Time filters for Scheduled Queries
    • With the addition of time range filtering for data lake queries we have also updated scheduled queries to allow you to specify the number of days a scheduled query should run over. This means that a query set up to run nightly can restrict its effort to just the last day's activity instead of searching the entire 30 days of data in the lake.
    • Existing scheduled queries will have a default time range set to 30 days. If this is not correct for your needs you can go in, adjust the period and re-save the scheduled query.

  • Management of Scheduled queries moved to Preferences
    • As more features have been added we realized that we needed to move where you access scheduled query configuration. It is now under Preferences.

MORE improvements on the way

Over the next several weeks we will continue to make improvements to the UI, from little things like changing an icon to more significant features like improved filtering and sorting on the Detections page, and adding more capabilities to Investigations to track discovered Indicators of Compromise and to record any open questions and answers generated during the investigation process.