Root Cause Analysis (RCA) is a component already available in the current version of Intercept X. For folks testing the Early Access software, we have completed the plumbing work to get the new active adversary mitigations to trigger RCA generation. That means that when you test with Sophos Tester or your own penetration tools and a detection event happens, the endpoint will generate a Root Cause Analysis Case that shows the stages of the attack and where it was stopped.
For an overview of the RCA capability see the video and presentation deck.
Presentation Deck: RCA.pptx
Recorded Presentation: Root Cause Analysis Presentation
For those who just want to see RCA in action with some of the new protections in place, check out the demo video.
Demo of RCA in action: RCA Demo