MTR dashboard

The Managed Threat Response (MTR) dashboard shows a summary of threats we've recently detected and investigated.

To see the MTR dashboard, sign in to Sophos Central and go to MTR.

You can also go to the MTR dashboard from the main Sophos Central dashboard (the first page you see when you sign in). Look for the MTR summary pane and click the link in the upper right.

Action required banner

If you see an Action required banner on the dashboard, we've notified you about an incident or incidents. Now we're waiting for your response.

To see the case we've opened for each incident, click Go to cases and review the details. Then respond to the notification we've sent you or your contacts. Currently you can only respond using email.



Detections

The panels at the top of the page show statistics for the following:

  • Detections: Potential threats that we’ve detected.
  • Cases: Cases we open to investigate incidents further.
  • Escalations: Incidents we notify you about.
  • Threats: Confirmed threats.

By default, you see statistics for the last 7 days. To change this, click the menu in the upper right of the page, and select a different time period.

Alternatively, select Live in the menu. This automatically refreshes the "Last 7 days" data every thirty seconds. You can also refresh the page by clicking Refresh.

The statistics panels show the figures for the current period and the percentage change compared with the last period.

You can see the same statistics for detections in the graph.


Screenshot of MTR dashboard

Detections by time, by OS, and by technique

The Detections by time of day (UTC) heat map shows the level of detections each hour. All times are in Coordinated Universal Time (UTC). Hover over any cell in the table to see the number of detections in that hour.

Screenshot of detections by time heat map

Total detections by operating system shows the number of detections for each OS.

The MITRE ATT&CK techniques chart shows a breakdown of attacks according to the classifications used in the MITRE knowledge base. For more information, see https://attack.mitre.org/.

MITRE ATT&CK techniques chart

Connector status report

Restriction: If you have a Sophos MTD license, this feature isn't available.

MTR connectors allow MTR to use data from other Sophos products to investigate potential threats.

If you have licenses for other products, we set up the connector for you. You don't have to do anything.

The connector status report does the following:

  • Shows whether products are connected (green tick) or not connected (cross).
  • Shows products that can be connected if you buy a license. These are shown as Optional.
  • Shows the number of detections by each product.

Screenshot of MTR connector status report

Detections classification summary

The dashboard lists the five most frequently detected types of malicious behavior, along with the number of each.

Detections by classification pie chart

Most investigated devices

The dashboard shows the devices we've investigated most frequently.

Click on a device name for more details.

Active cases

The dashboard lists MTR cases (investigations into potential threats) that are currently active.

You can see more details of MTR cases on the Cases page.