Great to see so many of you on the sessions today - thanks for tuning in and getting stuck into the interactive side. It's really good knowing we have so many keen threat hunters out there!
Here's a collection of resources from Ashek - please do let us know if there's anything else you want to know.
Add "Other Object Access Events" & "Logon" to your changes as well
Thanks for coming back for Season 2! There are plans afoot to gather telemetry from non-Sophos sources, as well as some interesting new ways to pull out indicators from encrypted traffic without cracking it open. Specifically gathering info from the Nexus Switches is not a direct integration I know of at this point, but the goal is to gather the richer network telemetry, and that is absolutely something to get excited about in the coming months.
Have a look at this release about our acquisition of Braintrace for more info on timing and strategy: https://www.sophos.com/en-us/press-office/press-releases/2021/07/sophos-acquires-braintrace-to-boost-adaptive-cybersecurity.aspx
Hi Nick and Chris. I was able to do Season 1 live, but have had to do Season 2 on demand, and just now able to get to it. What I'd like to know is if XDR will ever be able to get data from non-Sophos network devices, such as Cisco Nexus switches, maybe via Syslog?
Thanks for letting us know about this - we've updated the video on the OnDemand page
On playing back the session2 video1 you can hear you and Ben talking over Ashek.
We'll have all of the session recordings available later this week - I'll post a link in this forum when they're available for you to access and review.