  • Season 2 On-Demand Content Now Available!

    Just a quick note to say that all of Season 2 is now available at the on-demand page, for you to review and please share with colleagues! https://events.sophos.com/sophosthreathuntingacademy2  We have one more video to come which will...
    • 23 Jul 2021
  • Season 2 Exam and Certification

    Having attended the series, to become a Sophos XDR Certified Admin, you now just need to take a short test to validate your knowledge. Completion of this (the pass mark is 80%) will automatically send over your certificate, which you can print out an...
    • 23 Jul 2021
  • Season 2 Episode 3: Resources

    I really enjoyed today's session - I hope you did too! Really interesting content from Brandon, and great to see the power of Firewall and Server working together. There's a number of good Threat Simulation platforms as we discussed in today...
    • 20 Jul 2021
  • Season 2 Episode 2: Session Resources

    Great sessions this week - thanks to all of you for joining in with the conversations. Here's some of the areas Ben covered in his session, and the resources that you might want to explore further... As mentioned in our discussions it's ofte...
    • 16 Jul 2021
  • Season 2 Episode 1: Resources

    Great to see so many of you on the sessions today - thanks for tuning in and getting stuck into the interactive side. It's really good knowing we have so many keen threat hunters out there! Here's a collection of resources from Ashek - please do let ...
    • 14 Jul 2021
  • Threat Academy Season 2 starts this week - secure your place NOW!

    We're less than 2 days out from kicking off the next season of the Sophos Threat Hunting Academy, and I for one can't wait to get started! We have so much we want to share with you this time round, and the power you can add to your threat hunting w...
    • 12 Jul 2021
  • Threat Hunting Academy Season 2 Is Coming!

    I have some very exciting news - the Sophos Threat Hunting Academy is back! We're all so excited about getting to do this again, and can't wait to get started! Starting 14th July, we have 4 new live and interactive sessions for you, this ti...
    • 22 Jun 2021
  • Sophos EDR Threat Hunting Framework

    Table of Contents

    • Introduction
    • Sophos EDR Threat Hunting Foundations
    • Threat Hunting Process
    • Propose Hypothesis
    • Acquire and Analyze Data
    • Device Isolation
    • Inform and Enrich
    • Act
    • Summary

    Introduction

    Welcome to the Sophos EDR Threat Hunting Framework. This document is intended to guide an experienced threat hunter through the process of initiating a hunt, gathering and enriching data, then taking the required action…

    • 20 Mar 2021
  • Threat Hunting Academy Feedback

    I hope you all enjoyed the series as much as we did in running it - it sounds from talking to some of you that the topics covered were useful and it was great to see so much interaction during the sessions. We plan to run another Threat Hunti...
    • 19 Mar 2021
  • Exam and Certification

    Having attended the series, to become a Sophos EDR Certified Admin, you now just need to take a short test to validate your knowledge. Completion of this (the pass mark is 80%) will automatically send over your certificate, which you can print out an...
    • 19 Mar 2021
  • Getting ready for the live threat hunt!

    Welcome to Monday everyone! We're busily getting ready for our final session in the series tomorrow, where we'll be running through a live threat hunt with all of you. Can't wait to get started with it - should be fun. Don't fo...
    • 15 Mar 2021
  • Session 5 Resources

    Hope you all enjoyed today's session - I love seeing this end of the chain; as Ben said on the EMEA session, this is the 'fun' bit where everything we've learnt so far comes together! Here's links to a few resources that we mentio...
    • 10 Mar 2021
  • Session 4 Resources

    Great to see so many of you on the session today and interacting - thanks! I hope the new platform worked well for you. Here's a few query resources that I wanted to share following Andy's session: https://community.sophos.com/intercept-x-endpoin...
    • 9 Mar 2021
  • Session 3 Resources

    Thanks Kris for a great session today!  Kris used quite a few queries which are listed below for you to test out and use on your network: RDP Status- https://community.sophos.com/intercept-x-endpoint/i/device/simple-query-to-audit-microsof...
    • 3 Mar 2021
  • On-Demand Content Available!

    Just a quick note to say that session 1 is now available at the on-demand page, for you to review and please share with colleagues! https://events.sophos.com/threatacademyondemand  We'll get other sessions up as soon as possible after they...
    • 3 Mar 2021
  • Session 2 Resources

    Great interaction again on today's session - thanks for joining in! I loved having a proper look at how code can be executed on your network and devices, and what Sophos EDR can do to help you threat hunt. We'll see more of that power in the remainin...
    • 2 Mar 2021
  • Session 1 Resources

    I hope you enjoyed the first session - that's just a taster of the amazing content we've got for you in the next couple of weeks! There were a couple of resources mentioned in the session which I've listed below for reference in case: VirusTotal -...
    • 2 Mar 2021
  • Threat Hunting Academy - Welcome!

    Welcome! This page is where we'll post any follow-on resources from the Threat Hunting Academy series, so that you can continue to learn and explore after the sessions. Do let us know in the Comments below if you have any feedback or extra informati...
    • 1 Mar 2021