Introduction

Welcome to the Sophos EDR Threat Hunting Framework. This document is intended to guide an experienced threat hunter through the process of initiating a hunt, gathering and enriching data, then taking the required action…

I hope you all enjoyed the series as much as we did in running it - it sounds from talking to some of you that the topics covered were useful and it was great to see so much interaction during the sessions. We plan to to run another Threat Hunti...

Having attended the series, to become a Sophos EDR Certified Admin, you now just need to take a short test to validate your knowledge. Completion of this (the pass mark is 80%) will automatically send over your certificate, which you can print out an...

Welcome to Monday everyone!  We're busily getting ready for our final session in the series tomorrow, where we'll be running through a live threat hunt with all of you. Can't wait to get started with it - should be fun Don't fo...

Hope you all enjoyed today's session - I love seeing this end of the chain; as Ben said on the EMEA session, this is the 'fun' bit where everything we've learnt so far comes together! Here's links to a few resources that we mentio...

Great to see so many of you on the session today and interacting - thanks! I hope the new platform worked well for you. Here's a few query resources that I wanted to share following Andy's session: https://community.sophos.com/intercept-x-endpoin...

Thanks Kris for a great session today!  Kris used quite a few queries which are listed below for you to test out and use on your network: RDP Status- https://community.sophos.com/intercept-x-endpoint/i/query-forum/simple-query-to-audit-microsof...

Just a quick note to say that session 1 is now available at the on-demand page, for you to review and please share with colleagues! https://events.sophos.com/threatacademyondemand  We'll get other sessions up as soon as possible after they&#...

Great interaction again on today's session - thanks for joining in! I loved having a proper look at how code can be executed on your network and devices, and what Sophos EDR can do to help you threat hunt. We'll see more of that power in the remainin...

I hope you enjoyed the first session - that's just a taster of the amazing content we've got for you in the next couple of weeks! There were a couple of resources mentioned in the session which I've listed below for reference in case: VirusTotal -&n...

Welcome! This page is where we'll post any follow-on resources from the Threat Hunting Academy series, so that you can continue to learn and explore after the sessions. Do let us know in the Comments below if you have any feedback or extra informati...