We have used Sophos for a long time and as a result our Windows AD is littered with old Sophos users and groups that are no longer used. In the past we used Sophos SAV, Enterprise Library, Puremessage and SQL DB. Currently we use Sophos Central, Endpoint…

I recently discovered that HMPA blocking certain malicious behaviors can already trigger a Cleanup, and I have a suggestion to change the HMPA blocking prompts to be more aptly named based on the MITRE ATT&CK architecture, as in the behavioral defense…

Currently, there is no pop-up alert for blocking controlled items. Will the next version add a switch for this alert, just like the alert for found viruses?

So far I can only find the name of its behavior separation, but I can't find any description of this technology https://docs.sophos.com/central/customer/help/zh-tw/ManageYourProducts/LogsReports/Logs/Events/MaliciousBehaviorTypes/index.html

I am trying to integrate Sophos Endpoint using the Sophos Endpoint Sentinel connector. I have already completed all the configuration steps but the events are not displayed in the Sentinel.

Buenos Día comunidad, Alguien sabe si desde Sophos Central para todos mis equipos Finales donde tengo Sophos Intercept X puedo configurar syslog a un servidor del cliente para recolectar toda la información. La configuración ya la realicé desde…

We have Java based microservice hosted on AWS ECS that accepts files from Customers, now we have need to scan files before its stored into perment storage. For that looking for an antivirus product with the capability to programmatically (via API or Java…

Hi good morning, I have an issue when I download the Applications Most Frequently Blocked especifically for one day. It downloads but it doesnt show information.

I am writing an integration with Sophos EDR and I'd like to have a clickable link from our SOAR platform to a detection in Sophos. Is there a was to formulate this link or is it accessible via REST API? I'm looking for something like "{sophos-console…

Hello. Have read about good detection rates on your engine and thought to check with Endpoint a possible ransomware/ransomware situation. First time user, yet to install the trial version, after the email and password are accepted, and that email code…

Hi, I have super admin access for sophos central and partner portal but I cannot see any old user delete function. If anyone know could you please guide to me.

Hi Team, We have a query in Sophos license allocation in Citrix VDI environment. How the licensing will work here for the sessions. So, we have a master image with Windows 11 operating system. Each users have a different session in the environment.…

I'm looking to consolidate two sub estates both have peripheral control enabled. Is it possible to export a list of allowed peripherals from one estate append into the other estate with minimal disruption to users and without changing the peripheral control…

Hello, Since yesterday, I've been receiving an alert on my Central platform. The description states "ADSyncWarningEvent," with the suggested action being "Email Alert - Change frequency for 'ADSyncWarningEvent' email alerts. This will be added to your…

Dear, I need to implement an endpoint solution that has EDR. Which Sophos endpoint solution already includes this feature?

Hi, I need to be able to pull the telemetry from Sophos Intercept X into my SIEM. I am currently using the GitHub project linked below to pull alerts into the SIEM, but I need the raw telemetry. Is this possible yet? This is an old thread that was…

Does anyone have a Script for ConnectWise RMM to install Sophos Endpoint? We have used some of the other legacy scripts and attempted to convert it to Connectwise RMM but have been unsuccessful.

We need to pull "Threat Analysis Center" logs via API. When we look at guides on sophos there are just "alert", "event" queries to pull events. Could you help us, please?

I request Sophos Central Intercept X Advanced quotation from the distributor. First, they gave quotation with model number CIXH1CSAA and when I request discount for that our distributor gave us new quotation with new model number CIXA0U12AANCAA. I found…

Our group has multiple companies, including company A and company B. Three years ago, the Sophos local reseller mistakenly entered the Sophos ID of company B with the License Key purchased for company A. This resulted in the LICENSE SCHEDULE for company…

Greetings to all. Is it possible to have two different "customers" and have ONE group of "Admin" users manage both of them. That is, one SOC-Analyst can belong to both spaces and handle "cases" for both customers?

Hey guys, I am trying to set up Sophos AD Sync on a new domain controller (Windows Server 2022 Datacenter) and I keep getting the error "The LDAP server is unavailable". This happens regardless of LDAP with SSL or insecure connection on port 389, different…

Customer is having 15 machines running windows server 2012 standard/R2 with sophos protection Intercept X advanced for server , But now he is moving towards extended support for new server 2012 machines and already deployed machines . Kindly guide us…

Hi Team, I would like to downgrade from Intercept X Advanced with XDR to Intercept X Advanced due to our full license is in Intercept X Advanced as per image. I have tried to go Devices > Manage Endpoint Software but there is no Intercept X Advanced…

Hello everyone, We are not receiving anymore the new investigation notification since 25-10-23 and we did no changed anything. I see that there is changes with case and investigation which is legacy now. We also checked in Threat analysis center …