This post is to highlight response actions that an operator of the Sophos Central XDR tools may encounter. These response actions will be used on XDR with the full Intercept X engine or in our future launch of the XDR Sensors.
We will cover (5) key actions that you may perform daily or in an incident response activity:
We are going to focus on working out of PowerShell.
You can also run native commands from Live Response within the Windows Command Prompt utility; Sophos's reference of available commands lists what is supported there.
You must have XDR enabled in your environment. This is entirely a Live Discover query.
This is intended for Windows only.
To call PowerShell from the Live Response shell, run the simple command: "powershell.exe"