We’re excited to announce that we will be launching a new Case Management User Experience (UX) into our XDR Features Early Access Program (EAP) on October 25th.

The new Cases feature provides a Case Management system that enables teams to easily and efficiently operationalise threat detection data across many systems and security tools.

The new feature will include the following.

Case list

See all of the Cases that have been created, either manually by you as part of a threat hunt, or, automatically by Sophos when our rules engine determines a threat requires further investigation or remediation. From the Case list view you can see the case severity, its status, name, and who the case is assigned to. 


The case overview provides details of the case such as its ID, Severity, Status, Owner, Created and Assigned dates. 

The summary section is for analysts to provide a synopsis of the case. There is also information about the case history. via 'Recent activity'. The 'MITRE Tactics' section summarises all of the MITRE TTPs associated with the detections that make up the case., 


The case detections tab shows a list of all of the detections associated to the case. 

The detections tab behaves in the same way as the Detections list in the Threat Analysis Center:  New Detections User Experience for the Threat Analysis Center  


This free form text editor allows teams to collaborate and record key information from their investigations. 

Thank you to everyone who joins the EAP and provides feedback.

EAP go live date has been updated to end of day on October 25, 2023.