• Sophos EDR Threat Hunting Framework

    Table of Contents

    • Introduction
    • Sophos EDR Threat Hunting Foundations
    • Threat Hunting Process
    • Propose Hypothesis
    • Acquire and Analyze Data
    • Device Isolation
    • Inform and Enrich
    • Act
    • Summary


    Welcome to the Sophos EDR Threat Hunting Framework. This document is intended to guide an experienced threat hunter through the process of initiating a hunt, gathering and enriching data, then taking the required action…

    • 20 Mar 2021
  • Threat Hunting Academy Feedback

    I hope you all enjoyed the series as much as we did in running it - it sounds from talking to some of you that the topics covered were useful and it was great to see so much interaction during the sessions. We plan to run another Threat Hunti...
    • 19 Mar 2021
  • Exam and Certification

    Having attended the series, to become a Sophos EDR Certified Admin, you now just need to take a short test to validate your knowledge. Completion of this (the pass mark is 80%) will automatically send over your certificate, which you can print out an...
    • 19 Mar 2021
  • Getting ready for the live threat hunt!

    Welcome to Monday everyone! We're busily getting ready for our final session in the series tomorrow, where we'll be running through a live threat hunt with all of you. Can't wait to get started with it - should be fun. Don't fo...
    • 15 Mar 2021
  • Session 5 Resources

    Hope you all enjoyed today's session - I love seeing this end of the chain; as Ben said on the EMEA session, this is the 'fun' bit where everything we've learnt so far comes together! Here are links to a few resources that we mentio...
    • 10 Mar 2021
  • Session 4 Resources

    Great to see so many of you on the session today and interacting - thanks! I hope the new platform worked well for you. Here are a few query resources that I wanted to share following Andy's session: https://community.sophos.com/intercept-x-endpoin...
    • 9 Mar 2021
  • Session 3 Resources

    Thanks, Kris, for a great session today! Kris used quite a few queries which are listed below for you to test out and use on your network: RDP Status- https://community.sophos.com/intercept-x-endpoint/i/query-forum/simple-query-to-audit-microsof...
    • 3 Mar 2021
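    The RDP status query linked above is truncated on this page, so the following is an added example of the kind of audit query a hunter would run in Sophos Live Discover (which executes osquery SQL on the endpoint). It is not the query from Kris's session and not Sophos's own code; it assumes the standard osquery `registry`, `listening_ports` and `processes` tables on a Windows endpoint, and the well-known Terminal Server registry values (`fDenyTSConnections`, `UserAuthentication`, `PortNumber`).

    ```sql
    -- Added example (not the session's query): audit RDP exposure on a Windows endpoint.
    -- Part 1: configuration from the registry.
    --   fDenyTSConnections = 0  -> RDP connections are allowed
    --   UserAuthentication = 0  -> Network Level Authentication is OFF (weaker)
    --   PortNumber != 3389      -> non-default listener port (worth noting in a hunt)
    SELECT
      'registry' AS source,
      name AS setting,
      data AS value,
      CASE
        WHEN name = 'fDenyTSConnections' AND data = '0' THEN 'RDP enabled'
        WHEN name = 'fDenyTSConnections' THEN 'RDP disabled'
        WHEN name = 'UserAuthentication' AND data = '0' THEN 'NLA disabled (weak)'
        WHEN name = 'UserAuthentication' THEN 'NLA required'
        WHEN name = 'PortNumber' AND data != '3389' THEN 'non-default RDP port'
        WHEN name = 'PortNumber' THEN 'default RDP port'
      END AS finding
    FROM registry
    WHERE path IN (
      'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\fDenyTSConnections',
      'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\UserAuthentication',
      'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\PortNumber'
    )

    UNION ALL

    -- Part 2: what is actually listening. A TCP listener on 3389 owned by something
    -- other than svchost.exe (TermService) is a lead, not just a config observation.
    SELECT
      'listener' AS source,
      'tcp/' || lp.port AS setting,
      p.name || ' (pid ' || lp.pid || ', ' || lp.address || ')' AS value,
      CASE
        WHEN LOWER(p.name) = 'svchost.exe' THEN 'expected TermService listener'
        ELSE 'unexpected process bound to RDP port'
      END AS finding
    FROM listening_ports lp
    JOIN processes p ON p.pid = lp.pid
    WHERE lp.port = 3389
      AND lp.protocol = 6;   -- 6 = TCP
    ```

    Run it against a group of endpoints and pivot on the `finding` column: "RDP enabled" plus "NLA disabled (weak)" on an internet-facing host, or a listener owned by a process other than svchost.exe, are the rows worth turning into a hypothesis for the next hunt.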
  • On-Demand Content Available!

    Just a quick note to say that session 1 is now available at the on-demand page, for you to review and please share with colleagues! https://events.sophos.com/threatacademyondemand  We'll get other sessions up as soon as possible after they...
    • 3 Mar 2021
  • Session 2 Resources

    Great interaction again on today's session - thanks for joining in! I loved having a proper look at how code can be executed on your network and devices, and what Sophos EDR can do to help you threat hunt. We'll see more of that power in the remainin...
    • 2 Mar 2021
  • Session 1 Resources

    I hope you enjoyed the first session - that's just a taster of the amazing content we've got for you in the next couple of weeks! There were a couple of resources mentioned in the session which I've listed below for reference in case: VirusTotal -...
    • 2 Mar 2021
  • Threat Hunting Academy - Welcome!

    Welcome! This page is where we'll post any follow-on resources from the Threat Hunting Academy series, so that you can continue to learn and explore after the sessions. Do let us know in the Comments below if you have any feedback or extra informati...
    • 1 Mar 2021