We are pleased to announce that the Sophos XDR Detections dashboard is now available for all Intercept X Advanced with XDR and Intercept X Advanced for Server with XDR customers.
The dashboard provides a prioritized list of suspect activity and vulnerable configurations that warrant immediate attention. The prioritized list makes it easy for admins to focus on the important issues and reduce time spent on investigating low-risk events.
Suspect activities are ranked on a 1-10 risk scale (10 being the highest risk), highlighting a description of the detection and how it maps to the MITRE ATT&CK framework. Additional details include the time of the event, associated processes, executed command lines, file hashes, device, user, and more.
While digging into the details of a suspicious item, it’s easy to take further action with a context-aware list of deeper investigation options and immediate actions that can be performed.
Watch the video to see this powerful new functionality in action.
Try out the Sophos XDR Detections dashboard
It’s easy to try out Sophos XDR and the new Detections dashboard. If you are new to XDR, you’ll also get the opportunity to use powerful threat hunting capabilities that answer important security and IT operations questions such as “is RDP unnecessarily enabled on any devices?” and “has my software rollout successfully completed?”
Existing XDR customers – you don’t need to take any action unless you have disabled uploads to the Sophos Data Lake. To turn on uploads select ‘Global Settings’ then under Endpoint or Server Protection (or both) select the ‘Data Lake uploads’ setting and toggle the ‘Upload to the Data Lake’ on.
New customers – if you have a Sophos Central account you can start a trial of XDR functionality via the in-product trial tab. In the left hand column select ‘Free Trials’ and then ‘Intercept X Advanced with XDR’ or ‘Intercept X Advanced for Server with XDR’. Then follow the above instructions for enabling the Sophos Data Lake.
If you don’t have a Sophos Central account you can start trials for your endpoints and servers on the Sophos.com website.
Leave a Reply