During an active malware incident, our tool of choice remains Live Discover (information gathering) and Live Response (taking action). You can refer to our Community Page for a wealth of useful queries that can be modified according to your needs.
A few select queries that incident responders generally use are the following:
We also have the following collection of Sophos-created tools and documentation:
In addition to the above, we have curated a small list of essential tools that often assist us in hunting for threats on a suspected compromised machine.
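As an added example of the kind of Live Discover query the passage refers to (this is not one of the queries from the page or from the Sophos Community Page), the following osquery SQL lists processes that are listening on non-loopback ports together with their command line and parent PID. It uses only the standard osquery `processes` and `listening_ports` tables, so the same statement also runs under `osqueryi` on a Linux host.

```sql
-- Constructed example: processes exposing a network listener on a non-loopback address.
-- Useful triage view during an incident: unexpected listeners (reverse shells, rogue
-- web/SSH services, C2 beacons bound to 0.0.0.0) stand out next to known services.
SELECT
    p.pid,
    p.name,
    p.path,            -- on-disk binary backing the process
    p.cmdline,         -- full command line for context
    p.parent,          -- parent PID, to pivot on who spawned it
    lp.address,        -- bound address (0.0.0.0 / :: means every interface)
    lp.port,
    lp.protocol        -- 6 = TCP, 17 = UDP in osquery
FROM listening_ports AS lp
JOIN processes AS p ON p.pid = lp.pid
WHERE lp.port != 0
  AND lp.address NOT IN ('127.0.0.1', '::1')
ORDER BY lp.port, p.pid;
```

When triaging, compare the result against the host's expected service inventory; a listener whose `path` points outside normal system or application directories, or whose `parent` is a shell or office application, is worth pulling the full process tree for with a follow-up query on `processes` filtered by `pid`.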
Sign up to the Sophos Support SMS Notification Service to get the latest product release information and critical issues.
Does anyone have any similar tools, but for Linux, that they could recommend? I could really do with trying some, at least until Sophos for Linux EDR combines with the AV engine.
JK
You mean this? https://community.sophos.com/intercept-x-endpoint/early-access-program/f/recommended-reads/126207/sophos-server-protection-for-linux---av-plugin
Yes, I saw that this morning, but for Server Protection I don't have an EDR licence, and with those EAP EDR for Linux licensing changes recently I had to drop using EDR for Linux altogether (well, at least until XDR EAP for Linux appears, although I'm assuming the licence changes for different editions than already owned will still apply? lol). So that's why I'm currently looking for third-party freeware to use on top of my Server licences with just AV.