We are delighted to introduce Sophos User Activity Verification. Sophos Central customers can leverage the User Activity Verification API to request information from users on their mobile devices.

What is Sophos User Activity Verification?

User Activity Verification provides a way to request additional context from admins or users via their mobile device. It leverages the Sophos Intercept X app for Android and iOS, and enables a secure and rapid channel of communication. An example could be requesting information from a user about potentially suspicious activity detected on their desktop machine, or asking an administrator for approval for an action.

The User Activity Verification functionality is available through the Sophos Central API, meaning it can be integrated with external tools and workflows such as security automation and response (SOAR) or other systems.

How does it work?

The User Activity Verification API enables you to send questions (also referred to as 'attestations') to a user's mobile device. The user can respond to the question by clicking one of the provided answers. Users need an Android or iOS device with Sophos Intercept X for Mobile managed by Sophos Central. Attestations are sent to each device associated with the user. After the user has responded to the question, the response is returned to Sophos Central and available through the User Activity Verification API.

To get started with User Activity Verification please join the Early Access Program in Sophos Central:

  • Log into Sophos Central
  • Select Early Access Programs (from drop down menu in top right corner)
  • Find User Activity Verification and click Join
  • Go to Global Settings> User Activity Verification and click to enable

More details about the User Activity Verification API are available in the user guide and on the Sophos Developer site.