Trying to run the latest 3CX; however receiving this error: f inished - errors - no such table: xdr_data SELECT meta_hostname, sophos_pids, domain, clean_urls, source_ips, destination_ips, timestamps, ingestion_timestamp FROM xdr_data…

Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. Index Purpose Prerequisites Query #1 - Live Discover - Check…

Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. Purpose Sophos Firewall uses firewall rule ID "0" in your log viewer…

Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. Purpose Sophos Community has amassed an incredible catalog of queries…

Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. Purpose If you have not traversed the XDR journals, please review…

Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. Overview This article describes how to create a PowerShell script…

Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. Purpose If you have not traversed the XDR journals, please review…

Guys, I have a doubt. there is no more sophos product for endpoint with EDR? XDR only?

Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. Purpose Sophos Endpoint and Server products all come equipped with…

Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. Purpose The Windows Firewall is a security component to help protect…

Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. Purpose This query is taken directly from the Sophos Rapid Response…

Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. Purpose The Great Karl_Ackerman put this query together to provide…

Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. Purpose This post is to highlight response actions that an operator…

The script siem.py is very useful to retrieve alerts and actions on Sophos Central, but it is unable to collect data from XDR. Is it possible to "empower" it to read XDR data? SIEM would have a complete visibility on activities done on the infrastructure…

Hi there, Has anyone managed to construct API queries to pull out Detections/Investigations from Sophos XDR at all? We want these to be pushed into our ticketing platform as they are generated (or fetch them every 5 mins etc.) but I can't find any…

Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. Purpose Often, Remote Desktop Protocol (RDP) sessions are used…

Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. Purpose Let's revisit a query written by Kyle Seike - post can…

Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. Purpose This query is designed to give you information required…

Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. Purpose This query is designed to give you a "Total Report" of…

Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. Purpose This query is designed to give you a "Total Report" of…

Hey everyone, happy to be a part of this nice community. I decided to register an account as I've lurked around a fair share and actually am employed by Sophos Partner company. Looking for some recommendations on EDR / XDR with primary focus being the…

Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. Overview This post is going to cover setting up a user created…

Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. Overview Here at Sophos, we launched EDR into the endpoint platform…