As testing some of the new Endpoint EDR capabilities can be a bit tricky, Sophos have put together a Test Guide to help demo and test the new capabilities.  The Test Guide walks through the scenarios below:

  1. The investigation of an existing detection where suspect files are identified in the threat chain and warrant further investigation. A file is submitted to SophosLabs for further analysis, an Item Search across the estate is performed, and an endpoint is isolated.

  2. The investigation of a suspect file hash received from a third-party source, where a cross-estate Threat Search is run and the Clean and Block action is applied.

You can find the test guide under Documents on the Intercept X Early Access Program Community Landing page here.

The direct link to the document is here.