To simplify the experience when reviewing and analysing Threat Cases we are making changes to where Threat Cases are accessed in Sophos Central. A new Threat Analysis Center can be found in the main Overview section of Sophos Central and this new area will consolidate all Threat Cases across both endpoint and server (and any future device types that might support Threat Cases and EDR capabilities). On February 20th, this change will go live. When looking to view or analyse Threat Cases, instead of going into the Endpoint Protection or Server Protection areas of Sophos Central, you will now be able to jump right into all Threat Cases from the Overview by clicking the new “Threat Analysis Center” button underneath “Alerts”.
Soon you will also be able to filter by device type from within the Threat Analysis Center should you wish to only see endpoint or server Threat Cases. And don’t fret, you will still see the Dashboard widget within the Endpoint Protection and the Server Protection sections of Sophos Central in addition to having the full list of Threat Cases available in the Threat Analysis Center:
For Intercept X Advanced with EDR customers, Threat Search capabilities will also move into the Threat Analysis Center. Watch this space for the Intercept X Advanced with EDR for Server early access program which will be opening on February 25th (details here). Customers who join the EAP will benefit from an enhanced Threat Search which will support the searching of data sent up to Sophos Central from both the Endpoint and Server EDR data feeds.
For more info, check out these articles: