XDR customers will notice some new enhancements to the Detections page in the Threat Analysis Center. Here is a breakdown of the changes:

  • As well as displaying Sophos-raised detections from Sophos-managed devices, we can now raise detections from supported third-party integrations such as the 'Microsoft 365 User Activity logs', with further integrations planned for the future.
  • From Sophos Endpoint/Server detections you can now view and click the device name to pivot to the device list summary page for that device.
  • We now support more filtering capabilities, including filtering detections by device name and by MITRE ATT&CK tactic.
  • Finally, investigations can now be created from any type of detection, either manually or automatically.