The product team is pleased to announce the introduction of Active Threat Response for Sophos Switch and Sophos Wireless (AP6 Series only). This new offering provides API-triggered responses to automatically isolate compromised hosts across the network. This extends threat intelligence from Sophos MDR, Sophos XDR, Sophos NDR, and third-party solutions to the access layer, quickly preventing lateral movement via any wired, wireless, managed, or unmanaged host.

Sophos Switches and Sophos AP6 access points registered in Sophos Central with an active Support and Services subscription have access to the Active Threat Response feature through Sophos Central. The Active Threat Response API ingests threat feed data allowing MDR analysts or network administrators to quickly isolate compromised hosts across the network.


  • Isolates wired and wireless, managed, and unmanaged hosts
  • Prevents lateral movement and buys you time for remediation
  • Detections can originate from multiple sources (Sophos or third-party solutions)

Active Threat Response on Sophos Central

From Sophos Central, the administrator can view an Active Threat Response page, where they can enable or disable Active Threat Response for Sophos switches and access points. This page also presents a list of the isolated hosts across all Sophos switches and AP6 access points managed in the Sophos Central account.

On the Access Points page, the firmware version displayed is now 1.4.1819 for AP6 access points running the MR4 release version 1.4.1748. AP6 access points not running the MR4 release will continue to display the original firmware version.

Active Threat Response APIs

Active Threat Response APIs are available in Sophos Central. For information on how to access and use APIs from Sophos Central, please see https://developer.sophos.com/.  The APIs can enable third-party integrations and workflows to swiftly isolate compromised hosts at the network access layer. We are always interested in how third-party integrations are deployed so please send us feedback regarding your custom integrations. 

To view the Active Threat Response APIs for Sophos Wireless (AP6 Series only), visit https://developer.sophos.com/docs/wi-fi-management-v1/1/overview.

To view the Sophos Wireless (AP6 Series only) management API guide, visit https://developer.sophos.com/wifi-management.