Hi Community,  The following is being released to Sophos Central Window Servers: Server Core Agent 2.15.4 Endpoint Advanced 10.8.10 The following are changes of note introduced in this release: Enablement of Tamper Protection in safe boot Upd...

Great interaction again on today's session - thanks for joining in! I loved having a proper look at how code can be executed on your network and devices, and what Sophos EDR can do to help you threat hunt. We'll see more of that power in the remainin...

I hope you enjoyed the first session - that's just a taster of the amazing content we've got for you in the next couple of weeks! There were a couple of resources mentioned in the session which I've listed below for reference in case: VirusTotal -&n...

The latest of our Live Response enhancements is now available to customers with the release of our new Live Response per session audit logs.   Typically a few minutes after running a Live Response session, if you navigate to the Logs and R...

Welcome! This page is where we'll post any follow-on resources from the Threat Hunting Academy series, so that you can continue to learn and explore after the sessions. Do let us know in the Comments below if you have any feedback or extra informati...

With the data lake we can do some interesting IOC hunts that perform counts across all devices for similar IOC's and with some use of variables we allow for the administrator to rapidly focus on things of interest. Watch the Video: https://vimeo.com/...

Hello Community. A new version of Sophos Central Endpoint for macOS and Sophos Anti-virus for macOS (OPM) has been released now.  The release versions are:  Central 10.0.4 OPM 9.10.2  Release information This release contains th...

We're pleased to announce that the XDR & EDR Data Lake Early Access Program is now publicly available to our Intercept X Endpoint and Server customers. For customers who join and enroll devices into these endpoint and/or server early access progr...

For anyone who's joined the XDR & EDR Data Lake Early Access Program, we've been providing instructions on the different steps to join and enroll devices but I thought it would be useful to have one full blog post covering those steps and also de...

(NEW) Video on Schemas for EDR and Data Lake (15 Min) With the addition of the data lake a significant amount of new information is available.  In this document we will discuss each of the core database schemas. For those that simply want the ...

In this 7min video we show the features that were enabled on Feb 22nd for the Early Access Program for the XDR Data lake. Welcome to the EAP and stay tuned more features are coming in March and April as we add Context aware pivoting to another query...

One of the most frequently used queries by our threat hunting team is a flexible generic search query against the data lake. Often you know exactly what you are looking for but sometimes you want to start from a high level view and work your way deep...

Below is a query that will list all installed applications, the publisher, application name, and version number. It performs some nice counting so you don't have to deal with a long list of duplicates.  You can quickly search for rare applic...

Below is a query that will list all installed applications, the publisher, application name, and version number. It performs some nice counting so you don't have to deal with a long list of duplicates.  You can quickly search for rare applicatio...

One of the most frequently used queries by our threat hunting team is a flexible generic search query against the data lake. Often you know exactly what you are looking for but sometimes you want to start from a high level view and work your way deep...

In this brief demo video we cover the core features being add during the early access program and as part of the expected product availability in May/June 2021 Content Data Lake and direct endpoint queries from one console (Available in EAP) Schedul...

With the addition of the data lake a significant amount of new information is available.  In this document we will discuss each of the core database schemas. For those that simply want the schema data some links are provided below Endpoint ...

Hi Community,  The following is being released to Sophos Central Windows Endpoints : Core Agent v2.15.4 Endpoint Advanced v10.8.10 The following are changes of note introduced in this release: Enablement of Tamper Protection in safe boot mode...

New feature – Tamper Protection Password Export (due for release on w/c 25th January) Sophos Central allows you to recover the tamper protection passwords of devices that you’ve recently deleted.You might need to do this so that you...

Hi Community,  The latest Sophos Linux Protection has been released with the following module version changes: Sophos Linux Base has been updated to 1.1.4. Sophos Live Discover plugin has been updated to 1.1.0. Sophos Linux Live Response has be...

Hi Community,  The following is being released to Sophos Central Windows Endpoints and Servers: Core Agent v2.10.8 Update components are:  Sophos AutoUpdate updated to version 6.6.386. Sophos Endpoint Defense updated to versi...

IaaS connector functionality for Amazon AWS and Microsoft Azure is being removed from the Intercept X Advanced for Server (SVRCIXA) and Central Server Protection (SVRC) licenses. It is being replaced by the more comprehensive capabilities of Sophos C...

Sophos appreciates your assistance. Please make sure to read all the items in this post. Also, please report any issues on the Discussions forum - we need your feedback to help improve the product. Overview Support is now GA (Generally Available) fo...

Check out this webinar where the Sophos Engineering and PM team give an introduction on coding against the EDR Data Lake API and walk through using and modifying the Sophos Data Lake Test tool. vimeo.com/.../ad569fd23d

I am adding a set of queries to explore information in the data lake from the XG Firewall. For the data lake to have information from the XG Firewall you will need to have an XG FW License with Cloud Firewall reporting enabled. Once the firewall is c...