Looking at getting onboard

Hi everyone,

We are looking at getting Sophos Intercept X Advanced. Can anyone confirm if Sophos CIXA can do all the following?

Monitoring of Windows clients and Instant alert if a client is compromised with a virus/malware/application vulnerability or suspicious activity.

Windows Server logging. Server compromised. virus/malware/ports.

Windows Server attacks. NMap scan. Brute force attacks.

Reports when a user logs into a network. (so we can track onsite usage over the weekend/after hours)

Reports on user AD password changes.

Reports on AD login failed attempts.

Audits on Active Directory/User/Group changes.

Thanks in advance everyone.

Added tags
[edited by: Gladys at 6:28 AM (GMT -7) on 19 Jun 2023]
  • Hello Shawn, 

    Thank you for reaching the community forum.

    Refer to the comments for each one of your concerns.

    - Monitoring of Windows clients and Instant alerts if a client is compromised with a virus/malware/application vulnerability or suspicious activity. - Yes, our Endpoint product is capable of the said monitoring, as every alert that the endpoint generates will be sent to Sophos Central, and if email notification is activated, it will send an email directly to the email you've specified upon configuration.

    - Windows Server logging. Server compromised. Virus/malware/ports. - Yes, this is also available on Sophos Central, same as the endpoint.

    - Windows Server attacks. Nmap scan. Brute force attacks. - Yes, with our Intercept X product, this can be prevented, and an alert will be generated to Sophos Central whenever it detects any malicious activity.

    - Reports when a user logs into a network. (so we can track onsite usage over the weekend/after hours) - No, this isn’t possible. Mostly this can be done through a firewall but not on the endpoint.

    - Reports on user AD password changes. - No, our endpoint does not log any password change.

    - Reports on AD login failed attempts. - No, our endpoint does not log this activity.

    - Audits on Active Directory/User/Group changes. - This is possible, but you need to check with your account manager or Sales engineer once you subscribe to our product, as this may need further configuration beyond our Sophos Support's capabilities.

    Hope I was able to provide answers to your query.

    Glenn ArchieSeñas (GlennSen)
    Global Community Support Engineer

    The New Home of Sophos Support Videos!  Visit Sophos Techvids