We are delighted to introduce Sophos User Activity Verification. Sophos Central customers can leverage the User Activity Verification API to request information from users on their mobile devices.
User Activity Verification provides a way to request additional context from admins or users via their mobile device. It leverages the Sophos Intercept X app for Android and iOS, and enables a secure and rapid channel of communication. An example could be requesting information from a user about potentially suspicious activity detected on their desktop machine, or asking an administrator for approval for an action.
The User Activity Verification functionality is available through the Sophos Central API, meaning it can be integrated with external tools and workflows such as security orchestration, automation and response (SOAR) or other systems.
The User Activity Verification API enables you to send questions (also referred to as 'attestations') to a user's mobile device. The user can respond to the question by clicking one of the provided answers. Users need an Android or iOS device with Sophos Intercept X for Mobile managed by Sophos Central. Attestations are sent to each device associated with the user. After the user has responded to the question, the response is returned to Sophos Central and available through the User Activity Verification API.
To get started with User Activity Verification please join the Early Access Program in Sophos Central:
More details about the User Activity Verification API are available in the user guide and on the Sophos Developer site.
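One way a SOAR playbook could turn attestation replies into an action for a "did you do this?" question, as an added example that is not Sophos code and makes no API call. The record shape, function names and action labels are hypothetical; the 60 to 86400 second range is the one quoted for timeoutInSeconds in the comments on this page.

```python
from dataclasses import dataclass
from typing import Iterable, Optional, Sequence

# timeoutInSeconds range as quoted in the comments on this page.
MIN_TIMEOUT, MAX_TIMEOUT = 60, 86400


@dataclass(frozen=True)
class DeviceReply:
    """Hypothetical record: the state of one device's copy of an attestation."""
    device_id: str
    answer: Optional[str]  # None means this device has not replied


def check_timeout(seconds: int) -> int:
    """Reject a timeout outside the supported range instead of silently clamping."""
    if not MIN_TIMEOUT <= seconds <= MAX_TIMEOUT:
        raise ValueError(f"timeoutInSeconds must be {MIN_TIMEOUT}..{MAX_TIMEOUT}")
    return seconds


def decide(replies: Iterable[DeviceReply], offered: Sequence[str],
           confirm: str, elapsed: int, timeout: int) -> str:
    """Map replies from all of a user's devices to one playbook action.

    Returns "close", "isolate", "escalate" or "wait" (hypothetical labels).
    """
    check_timeout(timeout)
    answers = [r.answer for r in replies if r.answer is not None]
    # An answer that was never offered means the record cannot be trusted.
    if any(a not in offered for a in answers):
        return "escalate"
    # A denial on any device wins, even if another device confirmed.
    if any(a != confirm for a in answers):
        return "isolate"
    if answers:
        return "close"
    # Silence is not consent: an expired question goes to an analyst.
    return "escalate" if elapsed >= timeout else "wait"


# Constructed sample: the question went to two devices of the same user.
SAMPLE = [DeviceReply("phone", "No"), DeviceReply("tablet", None)]
```

Because attestations go to every device associated with the user, the function treats the replies as a set: one confirmation is enough to close, but a denial anywhere overrides it.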
Stunning. I can already see the flow of "Did you just download ${filename}?" -> No -> Isolate!
Also loving that timeoutInSeconds supports up to 24h (86400 seconds) and as low as 60 sec! It opens up a variety of uses beyond time-critical questions related to malicious or suspicious detections (e.g. "We need to restart the server to apply patches. Can we proceed?").
Great News! Thanks Tom