Intercept X with EDR

Sophos Endpoint Detection and Response (EDR) lets you investigate detected threats (“threat cases”) and search for new threats. It also lets you monitor devices and fix issues remotely.

You can find most EDR features in Overview > Threat Analysis Center.

These features are available if you have an Intercept X license that includes Sophos EDR.

Threat cases

Threat cases let you investigate and clean up malware attacks.

You can find out where an attack started, how it spread, and which processes or files it has affected.

For help, see Threat cases.

Threat searches

Threat searches let you search for potential threats, such as new threats you’ve read about, or for more instances of threats you’ve already seen. You can search using file names, file hashes, IP addresses or domains, and more.

For help, see Threat searches.

Threat indicators

Threat indicators highlight suspicious files that we haven’t blocked but that you might want to investigate.

You can see the probability that files are malicious, along with details of where and when they’ve been run. You can also block and clean up files.

For help, see Threat indicators.

Live Discover

Live Discover lets you check activity on devices. You can run queries about the software installed, processes running, registry changes, and more. This helps you detect security weaknesses or malicious activity.

For help with creating and running queries, see Live Discover.

Live Response

Live Response lets you connect directly to an individual device to investigate and fix possible security issues.

For help, see Set up and start Live Response.