MTR dashboard

The Managed Threat Response (MTR) dashboard shows a summary of threats we've recently detected and investigated.

To see the MTR dashboard, sign in to Sophos Central and go to MTR.

Tip: You can also go to the MTR dashboard from the main Sophos Central dashboard (the first page you see when you sign in). Just look for the MTR summary pane and click the link in the upper right.

Detections

The panels at the top of the page show statistics for the following:

  • Detections: Potential threats that we’ve detected.
  • Cases: Cases we open to investigate incidents further.
  • Escalations: Incidents we notify you about.
  • Threats: Confirmed threats.

By default, you see statistics for the last 7 days. To change this, click the menu in the upper right of the page, and select a different time period.

Alternatively, select Live in the menu. This automatically refreshes the "Last 7 days" data every thirty seconds. You can also refresh the page by clicking Refresh.

The statistics panels show the figures for the current period and the percentage change compared with the last period.

You can see the same statistics for detections in the graph.

Screenshot of MTR dashboard

Detections by time, by OS, and by technique

The Detections by time of day heat map shows the level of detections each hour. All times are in Coordinated Universal Time (UTC). Hover over any cell in the table to see the number of detections in that hour.

Screenshot of detections by time heat map

Total detections by operating system shows the number of detections for each OS.

The MITRE ATT&CK techniques chart shows a breakdown of attacks according to the classifications used in the MITRE knowledge base. For more information, see https://attack.mitre.org/

MITRE ATT&CK techniques chart

Connector status report

MTR connectors allow MTR to use data from other Sophos products to investigate potential threats.

If you have licenses for other products, we set up the connector for you. You don't have to do anything.

The connector status report does the following:

  • Shows whether products are connected (green tick) or not connected (cross).
  • Shows products that can be connected if you buy a license. These are shown as Optional.
  • Shows the number of detections by each product.

Screenshot of MTR connector status report

Most investigated devices

The dashboard also shows the devices we've investigated most frequently.

Click on a device name for more details.

Active cases

The dashboard lists MTR cases (investigations into potential threats) that are currently active.

You can see more details of MTR cases on the Cases page.