Related
Recommended
Brett VanWagoner
AI Search for Detections Now Available

AI Search for Detections Now Available

We’re excited to announce the latest feature available to those participating in our New AI Features Early Access Program (EAP) : AI Search for Detections. This new feature enables analysts to query the Sophos data lake for detection data using natural language removing the barrier of complex SQL syntax, making security data more accessible.

XDR AI features are only available while working with self-managed cases. Cases managed by the Sophos MDR Operations team cannot be modified.

Simplify your investigations

Security operations teams face increasing pressure to sift through vast amounts of security telemetry data, but many analysts lack the knowledge required to craft advanced SQL queries. With AI Search for Detections, you can now ask questions about your data using straightforward natural language. The feature improves accessibility, efficiency, and productivity for all users, whether they’re seasoned analysts or new to the XDR landscape.

Powered by OpenAI’s large language models (LLMs)—AI Search understands natural language inputs, translates them into structured queries and executes them against the Sophos data lake. You simply input a question—like "Show me all detections from the last week related to Windows Server"—and let the AI handle the rest. The results are displayed in a format similar to the Detections UI, making it easy to analyze and navigate.

Key features

  • Suggested Queries — Example queries are provided to guide you in crafting your own queries, giving you a head start in making the most of the data available.

  • AI Generated SQL — After each search execution, the SQL syntax generated by the LLM is available to view in the UI, making it easy to read and copy for reuse.

  • Save Queries — The LLM-generated SQL query can be saved to Live Discover for repeated use, making future investigations quicker and easier.

  • Export Results — AI Search allows you to export your results to CSV for further analysis or reporting.

Default Search Parameters

Default Time Range

24 hours (unless otherwise specified in the natural language prompt)

Data Lake Retention

90 days (or 1-year if licensed for Central Data Storage Pack)

Maximum Number of Results

1,000 records

Currently, English is the only supported language for Sophos XDR AI features.

Which Sophos products support AI features?

Customers with licenses for the following Sophos products can access XDR AI Features:

  • Sophos Intercept X Advanced with XDR

  • Sophos Network Detection and Response

  • Sophos MDR Essentials

  • Sophos MDR Complete

How do I join the New AI Features EAP?

  1. When logged into Central, click on the profile button in the top right corner of the screen and select Early Access Program.

  2. On the Early Access Program page, click the Join button for the New AI Features EAP.

  3. On the next New AI Features screen, click Continue.

  4. Next, check the I accept the Sophos End User Terms of Use checkbox and click the Accept

  5. You are now enrolled in the EAP.

This program does not currently have an expiry date. If you have any questions about AI features or encounter any problems, please visit the New AI Features EAP Discussions Community.

Unfiltered HTML