• Season 3 - Exam and On-Demand Content

    Hi all, I hope you've had a chance to think about your Threat Response posture since last week's sessions - have you had a conversation with anyone about your Incident Response plan yet? If not there's no time like the present! Remember, it doe...
  • Season 3 Episode 5: Wrap Up

    And that's a wrap! Thanks to all of you for helping us have such a great session today - I loved the conversation and talking through your questions. It really helps bring it all to life and to know that so many of you are benefitting from what...
  • Season 3 Episode 4: Resources

    I loved today's session - really good to be able to reflect on the wider business aspect of Threat Hunting and Response, and consider that this is a whole-business affair, rather than just the remit of the IT/Technical team. Thank-you all for you...
  • Season 3 Episode 3: Resources

    And that's a wrap for week 1! Thanks for being with us for the three sessions this week - we all really enjoyed delivering them and it was great to see so many of you active in the conversation. Couple of resources we mentioned during the session...
  • Season 3 Episode 2: Resources

    Another great session yesterday - a big thanks goes to all of you for joining in with the conversation and sending in your questions. It really brings the session to life for me and the team - we love hearing from you and understanding more about whe...
  • Season 3 Episode 1: Resources

    I hope you all enjoyed today's session as much as we did - it was great to get back out with the Threat Hunting Academy, and to interact with so many of you. Thanks for all of your questions and comments. I was really happy to see so many new peo...
  • Season 3 starts today!

    Happy February! We're really looking forward to getting started with Season 3 of the Threat Hunting Academy in just a couple of hours, and have so much great content to share with you all. If you haven't registered already, it's not too late - he...
  • Sophos Threat Hunting Academy: Become a Sophos XDR-certified admin

    Registration Now Open: Sophos Threat Hunting Academy Season 3, Feb. 1-9, 2022; 10-11 am PST/GMT/BRT. Do you ever wonder how our expert threat hunting teams stop attackers in their tracks? See firsthand by attending Season 3 of the Sophos Threat Hunt...
  • Season 2 On-Demand Content Now Available!

    Just a quick note to say that all of Season 2 is now available at the on-demand page, for you to review and please share with colleagues! https://events.sophos.com/sophosthreathuntingacademy2 We have one more video to come which will...
  • Season 2 Exam and Certification

    Having attended the series, to become a Sophos XDR Certified Admin, you now just need to take a short test to validate your knowledge. Completion of this (the pass mark is 80%) will automatically send over your certificate, which you can print out an...
  • Season 2 Episode 3: Resources

    I really enjoyed today's session - I hope you did too! Really interesting content from Brandon, and great to see the power of Firewall and Server working together. There's a number of good Threat Simulation platforms as we discussed in today...
  • Season 2 Episode 2: Session Resources

    Great sessions this week - thanks to all of you for joining in with the conversations. Here's some of the areas Ben covered in his session, and the resources that you might want to explore further... As mentioned in our discussions it's ofte...
  • Season 2 Episode 1: Resources

    Great to see so many of you on the sessions today - thanks for tuning in and getting stuck into the interactive side. It's really good knowing we have so many keen threat hunters out there! Here's a collection of resources from Ashek - please do let ...
  • Threat Academy Season 2 starts this week - secure your place NOW!

    We're less than 2 days out from kicking off the next season of the Sophos Threat Hunting Academy, and I for one can't wait to get started! We have so much we want to share with you this time round, and the power you can add to your threat hunting w...
  • Threat Hunting Academy Season 2 Is Coming!

    I have some very exciting news - the Sophos Threat Hunting Academy is back! We're all so excited about getting to do this again, and can't wait to get started! Starting 14th July, we have 4 new live and interactive sessions for you, this ti...
  • Sophos EDR Threat Hunting Framework

    Table of Contents

    • Introduction
    • Sophos EDR Threat Hunting Foundations
    • Threat Hunting Process
    • Propose Hypothesis
    • Acquire and Analyze Data
    • Device Isolation
    • Inform and Enrich
    • Act
    • Summary

    Introduction

    Welcome to the Sophos EDR Threat Hunting Framework. This document is intended to guide an experienced threat hunter through the process of initiating a hunt, gathering and enriching data, then taking the required action…

  • Threat Hunting Academy Feedback

    I hope you all enjoyed the series as much as we did in running it - it sounds from talking to some of you that the topics covered were useful and it was great to see so much interaction during the sessions. We plan to run another Threat Hunti...
  • Exam and Certification

    Having attended the series, to become a Sophos EDR Certified Admin, you now just need to take a short test to validate your knowledge. Completion of this (the pass mark is 80%) will automatically send over your certificate, which you can print out an...
  • Getting ready for the live threat hunt!

    Welcome to Monday everyone! We're busily getting ready for our final session in the series tomorrow, where we'll be running through a live threat hunt with all of you. Can't wait to get started with it - should be fun. Don't fo...
  • Session 5 Resources

    Hope you all enjoyed today's session - I love seeing this end of the chain; as Ben said on the EMEA session, this is the 'fun' bit where everything we've learnt so far comes together! Here's links to a few resources that we mentio...
  • Session 4 Resources

    Great to see so many of you on the session today and interacting - thanks! I hope the new platform worked well for you. Here's a few query resources that I wanted to share following Andy's session: https://community.sophos.com/intercept-x-endpoin...
  • Session 3 Resources

    Thanks Kris for a great session today! Kris used quite a few queries which are listed below for you to test out and use on your network: RDP Status - https://community.sophos.com/intercept-x-endpoint/i/device/simple-query-to-audit-microsof...
  • On-Demand Content Available!

    Just a quick note to say that session 1 is now available at the on-demand page, for you to review and please share with colleagues! https://events.sophos.com/threatacademyondemand We'll get other sessions up as soon as possible after they...
  • Session 2 Resources

    Great interaction again on today's session - thanks for joining in! I loved having a proper look at how code can be executed on your network and devices, and what Sophos EDR can do to help you threat hunt. We'll see more of that power in the remainin...
  • Session 1 Resources

    I hope you enjoyed the first session - that's just a taster of the amazing content we've got for you in the next couple of weeks! There were a couple of resources mentioned in the session which I've listed below for reference in case: VirusTotal -...