For Endpoint/Server customers looking to control the region being used when requesting the latest SophosLabs intelligence on files, we have introduced the new ‘Intelix Service Region’ setting. SophosLabs Intelix provides threat...
We are continuing to make improvements to the XDR Detections and Investigation console. Sophos is continuously developing new features and refining how existing ones work, and for those who use the product regularly, you will notice th...
With the Microsoft 365 Data Lake connector, along with the Detection and Investigation functionality, having reached general availability to all XDR customers, we are now ready to close the ‘XDR – Detection and In...
We have introduced a new Time Period selector that is applied to XDR Data Lake queries. On creating a brand new Data Lake query, a new Data Lake query based off a canned query, or a new scheduled Data Lake query, you will see the new Time Period select...
CryptoGuard 5:
A new policy option now sets the default action on detection of ransomware to terminate the process. We have kept the option to only isolate a process should you wish to keep using the setting from CryptoGuard 4.
This new releas...
We have now rolled out the Microsoft 365 Data Integration (formerly Office 365) and Investigations into GA.
1. Getting started with Microsoft 365 Data Integration:
All XDR customers who wish to have their MS 365 data ingested into their data la...
As of January 27, 2022, the EAP is moving to version 10.3.2.
All enrolled devices should automatically update.
Improvements in 10.3.2
Scan Extension improvements
Optimized file interception operations to boost overall system performance
Additi...
For query assistance, please see the following Best Practices guide
The world is full of tools and products to facilitate threat hunting in your environment. In this post I explore how to take threat intelligence from a 3rd party rep...
Investigations is now available for customers who wish to opt-in. If you were previously enrolled in the XDR – Detection and Investigation EAP, you should see Investigations in the Threat Analysis Center and there is no action on your part...
A multi-year endeavor in the making, the rollout of the next-gen scanning architecture has begun. This is a ground-up rewrite of functionality that touches nearly every aspect of Intercept X and delivers multiple benefits to customers.
Re...
Note: With special thanks to AK, mward19, Maxim-Sophos, and JoeLevy
This post provides information about Sophos XDR. It has three main sections:
Data Sources
Data Enrichment and Pivoting
Integrations and APIs
Table...
Thank you to everyone who applied. Due to an overwhelming response, we have reached our capacity. The survey is now closed.
Try out a new XDR product feature as part of our Customer Research initiative in mid-January.
Help us evaluate a new pro...
Hi all,
This weekend we are making some policy changes relating to the SSL/TLS decryption of HTTPS websites. We will be adding a toggle for SSL/TLS decryption into the Threat Protection policy for all customers.
This new setting will determine if En...
For query assistance, please see the following Best Practices guide
We have enabled the ability to add the Office 365 Audit log information into the Sophos XDR Data Lake.
This capability is available for ALL XDR customers at NO ADDITI...
Follow Kushal from the Sophos Community Team as he walks you through the Sophos Central Migration Tool. With Enterprise console nearing the end of support, now is the time to migrate to Sophos Central.
Watch the full video: https://techvids.sophos.co...
Hi all,
As you will have read in the Recommended Read from last week, we released an update to Intercept X, 2.0.23. This week we will start enabling new features that are part of the update for devices that are running in the New Endpoint/Server...
Sophos are excited to announce that from today we have started the rollout of the new Detections functionality to all Sophos XDR customers.
The rollout is being done in stages with additional functionality being added over time. In this first release...
For query assistance, please see the following Best Practices guide
As part of the regular maintenance of the XDR Live Discover extension from Sophos we review the use of extension tables provided.
In that review we see that only 5 custome...
Today we will start uploading data from Intercept X Advanced XDR Mac devices to the Sophos Data Lake where Endpoint Data Lake uploads have been enabled. The plan is to slowly enable across our customer base doing 30% of accounts today, assumin...
Now with the XDR Detections EAP open, folks can see all activity that has been classified to MITRE ATT&CK.
The new page is in the Threat Analysis Center and has lots of really great information on what has been observed in your environment. ...
This EAP is a persistent program where you can subscribe to the latest and greatest new features and fixes. Participants are encouraged to try out these features and provide feedback to our development team to help improve the product.
Improveme...
Hi all,
HTTPS inspection is being enabled by default for devices in the EAP (both Endpoint and Server) now that the rollout has finished.
When users visit websites via browsers the Sophos endpoint will decrypt HTTPS network traffic for the pur...
We are excited to announce the opening of the Detections and Investigations Early Access Program (EAP). The EAP begins with the introduction of the Detections dashboard which provides a prioritized list of suspicious activity for further invest...
For query assistance, please see the following Best Practices guide
With XDR we have access to the OSQuery supported tables and the ability to write our own SQL queries that can include variables. One of the tables available is a YAR...