This article provides an overview of the Threat Searches functionality in Sophos Central.
This feature is only available to customers with an Intercept X with EDR license.
The Threat Searches view provides an option to search for potential threats on your network. You can search for SHA-256 file hashes, file names, IP addresses or domains (either complete or partial).
Threat searches find the following:
Note: You can also run a threat search from within a threat case. This finds more examples of the potential threats identified in that case.
Threat Searches can be accessed under Sophos Central Admin > Threat Analysis Center > Threat Searches.
To find potential threats:
When you run a threat search, you'll see a list of the computers on which the searched item was found.
Click See details next to a computer to open a details page, where you can see a history for each item (for example, when it was detected, moved or removed).
On the details page, you can also take these actions to investigate and deal with potential threats.
Alternatively, if you have several affected computers, you can isolate them all at once on the main results page.
Re-running saved threat searches lets you do the following:
To re-run a search, click it in the Saved Searches list.