Threat Analysis Center

The Threat Analysis Center dashboard lets you see the most important information at a glance.

Go to Overview and then click Threat Analysis Center to see the dashboard.

It consists of these areas.

Most recent threat cases

Threat cases let you investigate malware attacks. Click a case to find out where an attack started, how it spread, and which processes or files it has affected.

Threat cases are available only for Windows devices.

The dashboard shows threat cases on different tabs, depending on who generated them, as follows:

  • Cases automatically generated by Sophos.
  • Cases generated by a Sophos Central admin.

We only show threat cases with the status "new" in this area. If a threat case is closed or in progress, even if it has a newer date than one with "new" status, we don't show it.

To see all your cases, click See all threat cases.

Recent Live Discover queries

Live Discover lets you run queries on your devices as follows:

  • Search for signs of threats that haven't been detected by other Sophos features.
  • Search for signs of a suspected or known threat if Sophos Central has found the threat elsewhere.
  • Check for compliance with security standards.

The dashboard shows the most recent queries that you've run.

To see full details of a query and its results, click its name in the list.

To see all your recent queries, click See all.

To run a new query, click New session.

Recently scheduled queries

You can schedule Live Discover queries.

The dashboard shows your most recent scheduled queries and their frequency.

To see full details of a scheduled query and to access its results, click its name in the list.

To see all your scheduled queries, click See all.