As testing some of the new Endpoint EDR capabilities can be a bit tricky, Sophos have put together a Test Guide to help demo and test the new capabilities. The Test Guide walks through the scenarios below:
- The investigation of an existing detection in which suspect files that warrant further investigation are identified in the threat chain. A file is submitted to SophosLabs for further analysis, an Item Search is performed across the estate, and an endpoint is isolated.
- The investigation of a suspect file hash received from a third-party source of information, in which a cross-estate Threat Search is run and the Clean and Block action is applied.
You can find the Test Guide under Documents on the Intercept X Early Access Program Community landing page.
The direct link to the document is here.