Looking at getting onboard

Hello Shawn, 

Thank you for reaching the community forum.

Refer to the comments for each one of your concerns.

- Monitoring of Windows clients and Instant alerts if a client is compromised with a virus/malware/application vulnerability or suspicious activity. - Yes, Our Endpoint product is capable of the said monitoring as every alert that the endpoint generates will be sent to Sophos central, and if email notification is activated, it will send email directly to the email you've specified upon configuration. 

- Windows Server logging. Server compromised. Virus/malware/ports.- Yes, this is also available on Sophos central same as the endpoint.

- Windows Server attacks. Nmap scan. Bruit force attacks. - Yes, with our intercept X product, this can be prevented, and an alert will be generated to Sophos Central whenever it detects any malicious activity.

- Reports when a user logs into a network. (so we can track onsite usage over the weekend/after hours) - No, this isn’t possible. Mostly this can be done through a firewall but not on the endpoint. 

- Reports on user AD password changes. - No, Our endpoint does not log any password change.

- Reports on AD login failed attempts. - No, our endpoint does not log this activity.

- Audits on Active Directory/User/Group changes. - This is possible, But you need to check with your account manager or Sales engineer once you subscribe to our product, as this may need further configuration beyond our Sophos supports capabilities. 

Hope I was able to provide answers to you're query.