We have now rolled out the Microsoft 365 Data Integration (formerly Office 365) and Investigations into GA.
1. Getting started with Microsoft 365 Data Integration:
All XDR customers who wish to have their MS 365 data ingested into their data la...
As of January 27, 2022, the EAP is moving to version 10.3.2.
All enrolled devices should automatically update.
Improvements in 10.3.2
Scan Extension improvements
Optimized file interception operations to boost overall system performance
Additi...
For query assistance, please see the following Best Practices guide
The world is full of tools and products to facilitate threat hunting in your environment. In this post I explore how to take threat intelligence from a 3rd party rep...
Investigations is now available for customers who wish to opt-in. If you were previously enrolled in the XDR – Detection and Investigation EAP, you should see Investigations in the Threat Analysis Center and there is no action on your part...
A multi-year endeavor in the making, the rollout of the next-gen scanning architecture has begun. This is a ground-up rewrite of functionality that touches nearly every aspect of Intercept X and delivers multiple benefits to customers.
Re...
Note: With special thanks to AK, mward19, Maxim-Sophos, and JoeLevy
This post provides information about Sophos XDR. It has three main sections:
Data Sources
Data Enrichment and Pivoting
Integrations and APIs
Table...
Thank you to everyone who applied. Due to an overwhelming response, we have reached our capacity. The survey is now closed.
Try out a new XDR product feature as part of our Customer Research initiative in mid-January.
Help us evaluate a new pro...
Hi all,
This weekend we are making some policy changes relating to the SSL/TLS decryption of HTTPS websites. We will be adding a toggle for SSL/TLS decryption into the Threat Protection policy for all customers.
This new setting will determine if En...
For query assistance, please see the following Best Practices guide
We have enabled the ability to add the Office 365 Audit log information into the Sophos XDR Data Lake.
This capability is available for ALL XDR customers at NO ADDITI...
Follow Kushal from the Sophos Community Team as he walks you through the Sophos Central Migration Tool. With Enterprise console nearing the end of support, now is the time to migrate to Sophos Central.
Watch the full video: https://techvids.sophos.co...
Hi all,
As you will have read in the Recommended Read from last week, we released an update to Intercept X, 2.0.23. This week we will start enabling new features that are part of the update for devices that are running in the New Endpoint/Server...
Sophos are excited to announce that from today we have started the rollout of the new Detections functionality to all Sophos XDR customers.
The rollout is being done in stages with additional functionality being added over time. In this first release...
For query assistance, please see the following Best Practices guide
As part of the regular maintenance of the XDR Live Discover extension from Sophos we review the use of extension tables provided.
In that review we see that only 5 custome...
Today we will start uploading data from Intercept X Advanced XDR Mac devices to the Sophos Data Lake where Endpoint Data Lake uploads have been enabled. The plan is to slowly enable across our customer base doing 30% of accounts today, assumin...
Now with the XDR Detections EAP open folks can see all activity that has been classified to MITRE ATT&CK.
The new page is in the Threat Analysis Center and has lots of really great information on what has been observed in your environment. ...
This EAP is a persistent program where you can subscribe to the latest and greatest new features and fixes. Participants are encouraged to try out these features and provide feedback to our development team to help improve the product.
Improveme...
Hi all,
HTTPS inspection is being enabled by default for devices in the EAP now that the rollout has finished (both Endpoint and Server).
When users visit websites via browsers the Sophos endpoint will decrypt HTTPS network traffic for the pur...
We are excited to announce the opening of the Detections and Investigations Early Access Program (EAP). The EAP begins with the introduction of the Detections dashboard which provides a prioritized list of suspicious activity for further invest...
For query assistance, please see the following Best Practices guide
With XDR we have access to the OSQuery supported tables and the ability to write our own SQL queries that can include variables. One of the tables available is a YAR...
Hi Community,
On behalf of the team, we would like to thank everyone who participated in our Apple M1 (ARM) Early Access Program, especially those who took the time to share their feedback.
With Apple M1 (ARM) now officially supported,...
Over the past few weeks, and in the coming weeks, we have released and will release some new Intercept X Advanced with XDR features that I wanted to make everyone aware of.
Live Discover Customer Defined Enrichments:
Customers can now define their own Live Discover data e...
Hi all,
On July 22nd we launch our Server Protection anti-virus plugin for all customers, so you can now run on-demand scans of your Linux servers. This update will provide the following features and functionality:
Next generation threat detect...
For the typical Central administrator using Live Discover, oftentimes you are just looking to run a pre-canned query to get results as quickly and easily as possible, so we've made some changes in Central to help simplify using Live Discover for those ad...
In May, we achieved a few significant strategic milestones in our product roadmap. This included advancements in our EDR offering, the introduction of the Sophos Data Lake, and the launch of Extended Detection and Response (XDR) with integrati...