This article provides an overview of the Threat Indicators functionality in Sophos Central.
Note: This feature is only available to customers with an Intercept X with EDR license.
The following sections are covered:
Customers with EDR-enabled endpoints and servers are getting an early preview of our new Threat Indicators feature. Threat Indicators uses machine learning to show you a prioritized list of the most suspicious files identified by your EDR-enabled devices. Knowing what to look for lets you focus on the most important investigations.
Threat Indicators can be accessed under Sophos Central Admin > Threat Analysis Center > Threat Indicators.
The Threat Indicators 'Suspicious items' tab displays:
The Threat Indicators 'Actions taken' tab displays:
There are various options available from the information provided in the Threat Indicators page: