We are excited to announce that powerful new Endpoint Detection and Response (EDR) features for Intercept X are now available in early access.
This early access program (EAP) brings pre-built, fully customizable SQL queries for both granular threat hunting and IT health checks and management across your organization’s estate. You can join the EAP now.
Live Discover
Live Discover allows you to examine your data for almost any question you can think of by searching across endpoints and servers with SQL queries.
You can choose from a selection of pre-created queries that can be fully customized to pull the exact information that you need.
IT operations and threat hunting sample questions include:
- Why is a machine slow? Is it pending a reboot?
- Are users running unauthorized browser extensions?
- Have any processes had their registry keys or files modified recently?
- Is remote sharing enabled? What about guest accounts?
- What processes are attempting to make network connections on non-standard ports?
Live Response (coming in May to early access)
This feature gives you the ability to respond with precision. Using a cmdline interface, remotely access devices in order to perform further investigation or take action. For example:
- Reboot a device pending updates
- Terminate suspicious processes
- Browse the file system
- Edit configuration files
- Run scripts and programs
How to join the EAP
The EAP is open to everyone that has Intercept X and Intercept X for Server, even if you don’t currently have EDR.
For full instructions on how to join and additional technical information please head over to the Sophos community. We look forward to hearing your feedback!
John Kenny
This new Feature is something ive been hoping would come to Central for a while as its something ive had to use 3rd party tools to perform, please add more queries pls asap as i would love more in the EAP but i realise its lots of work but many thanks to the team.