Over the last several weeks, many new features have been added to Sophos XDR. Each of these features aims to enhance analyst efficiency and provide better insights when investigating threats.

Detections Integration with SophosLabs Intelix

Sophos XDR endpoints now leverage SophosLabs Intelix to analyze samples when detections occur under certain conditions that indicate the possibility of malicious activity. Intelix analyzes file samples using both static and dynamic analysis. By comparing the findings of both methods of analysis, Intelix assigns an overall verdict to ascertain whether a sample is malicious, suspicious, or clean.

Device Exposure

Device Exposure highlights devices which haven't installed OS updates for 30+ days. These machines are likely missing important security updates. By giving customers a simple way to pinpoint devices at risk, they can quickly identify the low-hanging fruit and take action to address updating issues.

Device Exposure is available for all new Central accounts, with a wider rollout beginning in July 2024.

Detection Suppression Rules

Detection Rules gives Sophos XDR users more customization options to tailor their experience while using the platform. This feature enables actions to trigger when XDR detections match the conditions defined in a rule. The first action supported for Detection Rules is Suppress. In addition to hiding these noisy or unwanted detections in the Detections UI, this action will also prevent a case from being created.

Detection Descriptions

This feature introduces a new format for describing why a detection rule was triggered, as well as detailing the evidence and implications of the activity. Another benefit of the Detection Descriptions feature is support for multilingual translation of the descriptions.