We have introduced a new Time Period selector that is applied to XDR Data Lake queries. On creating a brand new Data Lake query, a new Data Lake query based off a canned query or a new scheduled Data Lake query you will see the new Time Period select...

And that's a wrap for week 1! Thanks for being with us for the three sessions this week - we all really enjoyed delivering them and it was great to see so many of you active in the conversation. Couple of resources we mentioned during the session...

Another great session yesterday - a big thanks goes to all of you for joining in with the conversation and sending in your questions. It really brings the session to life for me and the team - we love hearing from you and understanding more about whe...

I hope you all enjoyed today's session as much as we did - it was great to get back out with the Threat Hunting Academy, and to interact with so many of you. Thanks for all of your questions and comments. I was really happy to see so many new peo...

Happy February! We're really looking to getting started with Season 3 of the Threat Hunting Academy in just a couple of hours, and have so much great content to share with you all. If you haven't registered already, it's not too late - he...

CryptoGuard 5: A new policy option now sets the default action on detection of ransomware to terminate the process. We have kept the option to only isolate a process should you wish to keep using the setting from CryptoGuard 4.  This new releas...

We have now rolled out the Microsoft 365 Data Integration (formerly Office 365) and Investigations into GA.  1. Getting started with Microsoft 365 Data Integration: All XDR customers who wish to have their MS 365 data ingested into their data la...

As of January 27 2022, the EAP is moving to version 10.3.2.  All enrolled devices should automatically update. Improvements in 10.3.2 Scan Extension improvements Optimized file interception operations to boost overall system performance Additi...

Registration Now Open: Sophos Threat Hunting Academy Season 3, Feb. 1-9, 2022; 10-11 am PST/GMT/BRT. Do you ever wonder how our expert threat hunting teams stop attackers in their tracks? See firsthand by attending Season 3 of the Sophos Threat Hunt...

For query assistance, please see the following Best Practices guide The world is full of tools and products to facilitate threat hunting in your environment.  In this post I explore how to take threat intelligence from a 3rd party rep...

Investigations is now available for customers who wish to opt-in. If you were previously enrolled in the XDR – Detection and Investigation EAP, you should see Investigations in the Threat Analysis Center and there is no action on your part...

A multi-year endeavor in the making, the rollout of the next-gen scanning architecture has begun. This is a ground-up rewrite of functionality that touches nearly every aspect of Intercept X and delivers multiple benefits to customers.  Re...

Note: With special thanks to AK, mward19, Maxim-Sophos, and JoeLevy This post provides information about Sophos XDR. It has three main sections: Data Sources Data Enrichment and Pivoting Integrations and API’s Table...

Thank you to everyone who applied. Due to an overwhelming response, we have reached our capacity. The survey is now closed.  Try out a new XDR product feature as part of our Customer Research initiative in mid-January. Help us evaluate a new pro...

Hi all, This weekend we are making some policy changes relating to the SSL/TLS decryption of HTTPS websites. We will be adding a toggle for SSL/TLS decryption into the Threat Protection policy for all customers. This new setting will determine if En...

For query assistance, please see the following Best Practices guide We have enabled the ability to add the Office 365 Audit log information into the Sophos XDR Data Lake. This capability is available for ALL XDR customers at NO ADDITI...

Follow Kushal from the Sophos Community Team as he walks you through the Sophos Central Migration Tool. With Enterprise console nearing the end of support, now is the time to migrate to Sophos Central. Watch the full video: https://techvids.sophos.co...

Hi all, As you will have read in the Recommended Read from last week; we released an update to Intercept X, 2.0.23. This week we will start enabling new features that are part of the update for devices that are running in the New Endpoint/Server...

Sophos are excited to announce that from today we have started the rollout of the new Detections functionality to all Sophos XDR customers. The rollout is being done in stages with additional functionality being added over time. In this first release...

For query assistance, please see the following Best Practices guide As part of the regular maintenance of the XDR Live Discover extension from Sophos we review the use of extension tables provided. In that review we see that only 5 custome...

Today we will start uploading data from Intercept X Advanced XDR Mac devices to the Sophos Data Lake where Endpoint Data Lake uploads have been enabled.  The plan is to slowly enable across our customer base doing 30% of accounts today, assumin...

Now with the XDR Detections EAP open folks can see all activity that has been classified to MITRE ATT&CK. The new page is in the Threat Analysis Center and has lots of really great information on what has been observed in your environment. &...

This EAP is a persistent program where you can subscribe to the latest and greatest new features and fixes. Participants are encouraged to try out these features and provide feedback to or development team to help improve the product.  Improveme...

Hi all, HTTPS inspection is being enabled by default for devices in the EAP now that the roll out has finished, (both Endpoint and Server). When users visit websites via browsers the Sophos endpoint will decrypt HTTPS network traffic for the pur...