I have Intercept X with XDR installed. I want to see whether any particular IOC is present or not. If it is present, then how can I delete it?
Please guide.
Hi Madni,
Thanks for reaching out to the Sophos Community Forum.
If you're looking to get started with XDR queries, I'd suggest checking out this getting started guide.
- Getting Started In Live Discover - From Beginner to Advanced Query Creation
When searching for particular IOCs, there are a number of built-in queries in the Threat Analysis Center under Live Discover in Sophos Central. The specific query you choose to run will give you information based on the IOC it's built to look for. You can find a number of querying resources in the Recommended Reads section of the forum.
If these queries return positive results for indicators of compromise, your team can then take action to mitigate. If you have a Sophos MDR license, our team will constantly be doing this in the background while working with you and your team when needed, to handle the SOC tasks on your environment.