In this brief demo video we cover the core features being add during the early access program and as part of the expected product availability in May/June 2021 Content Data Lake and direct endpoint queries from one console (Available in EAP) Schedul...

For query assistance, please see the following Best Practices guide With the addition of the data lake a significant amount of new information is available.  In this document we will discuss each of the core database schemas. For thos...

Hi Community,  The following is being released to Sophos Central Windows Endpoints : Core Agent v2.15.4 Endpoint Advanced v10.8.10 The following are changes of note introduced in this release: Enablement of Tamper Protection in safe boot mode...

New feature – Tamper Protection Password Export (due for release on w/c 25th January) Sophos Central allows you to recover the tamper protection passwords of devices that you’ve recently deleted.You might need to do this so that you...

This blog post contains a listing and details on features that have previously been released to the New Endpoint/Server Protection Features early access program and are now generally available to all customers. 19/08/2020 - IPS for Windows Ser...

Hi Community,  The latest Sophos Linux Protection has been released with the following module version changes: Sophos Linux Base has been updated to 1.1.4. Sophos Live Discover plugin has been updated to 1.1.0. Sophos Linux Live Response has be...

Hi Community,  The following is being released to Sophos Central Windows Endpoints and Servers: Core Agent v2.10.8 Update components are:  Sophos AutoUpdate updated to version 6.6.386. Sophos Endpoint Defense updated to versi...

IaaS connector functionality for Amazon AWS and Microsoft Azure is being removed from the Intercept X Advanced for Server (SVRCIXA) and Central Server Protection (SVRC) licenses. It is being replaced by the more comprehensive capabilities of Sophos C...

Sophos appreciates your assistance. Please make sure to read all the items in this post. Also, please report any issues on the Discussions forum - we need your feedback to help improve the product. Overview Support is now GA (Generally Available) fo...

Check out this webinar where the Sophos Engineering and PM team give an introduction on coding against the EDR Data Lake API and walk through using and modifying the Sophos Data Lake Test tool. vimeo.com/.../ad569fd23d

For query assistance, please see the following Best Practices guide I am adding a set of queries to explore information in the data lake from the XG Firewall. For the data lake to have information from the XG Firewall you will need to have...

You can find the getting started guide for the EDR Data Lake APIs available here on the apigee.io site we use. Overview This guide takes you through a few simple steps to start using the new EDR Data Lake APIs in Sophos Central. All our APIs are off...

Hi all, We are releasing a new policy setting to all customer on the w/c 2nd November, 'Track Network Connections'. This will be in the Advanced Settings section of the Threat Protection policy We plan to enable this new feature gradually ov...

With having completed the early access testing on our new EDRv3 capabilities and with the upcoming features that will be entering the New Endpoint and Server Protection and EDR Features early access program being more protection rather than EDR relat...

Hi everyone,  The following versions have been released to Sophos Central Windows Endpoints.  Sophos Core Agent 2.10.7 Endpoint Advanced 10.8.9 This release will require a reboot. Please see the following release notes for more informatio...

Hi all I have started populating the queries section of the forum.  I Expect to put about 50 queries into the forum to perform the basic navigation and exploration of the data.  Once I get those loaded in we will start adding more interesti...

We're starting to turn on IPS and Behavior detection features for endpoint and server customers. You'll see a new "Detect malicious behavior" option in threat protection policies. You can test both of these features now in the Early Access Program; ...

Throughout September we will continue to enhance EDR capabilities and with our latest update we are pleased to announce that the powerful EDR querying and response capabilities of Live Discover and Live Response are now generally available on Ma...

Hello all, We are due to update our EAP agent during the week of 21st September; this update has some small fixes in it and will allow us to start enabling IPS and our new behavioral engine.  Note: After this update you need to reboot devices to...

We are excited to announce that Intercept X for Server Advanced with EDR has been enhanced with powerful cloud visibility features from Cloud Optix.

In addition to even more detail on AWS, Azure and GCP cloud workloads, this integration gives Sophos partners and customers critical insight into their wider cloud environment including security groups, hosts, shared storage, databases, serverless, containers and more.

 

…

Sophos continues to enhance our new EDRv3 capabilities and over the past week numerous improvements have been introduced:

Role Based Access Controls for the Live Response Beta:

One of the top requests received during the Live Response Beta during the Early Access Program was to provide Administrators better control around defining Central admins who can use Live Response and who can manage the Live Response settings. 

…

For query assistance, please see the following Best Practices guide

The Sophos UK Sales engineering team has been getting familiar with live discover. In the work they explored group policy and provided the following queries:

Deleted security groups -

Variable to specify the number of days to check
Windows

/* Deleted Security Groups */
SELECT
   source,
   eventid, 
   CAST(datetime(time, 'unixepoch') AS TEXT) AS 'Change Made',…

Last week SophosLabs published a report about the Glupteba malware. According to Sophos Labs this malware family has been growing in numbers. "This malware, with its hard-to-pronounce name, has been getting regular updates and feature enhancements that seem to be focused on its ability to conceal itself from detection on infected computers....The core malware is, in essence, a dropper with extensive backdoor functionality, but…

We are thrilled to announce that the latest version of Sophos EDR (endpoint detection and response) is now available to all Intercept X Advanced with EDR and Intercept X Advanced for Server with EDR customers.  This release brings powerful new capabilities that enable both IT admins and security analysts to ask detailed IT operations and threat hunting questions across their entire estate. It also provides new functionality …