Intercept X with XDR

Sophos Extended Detection and Response (XDR) lets you investigate detected threats (“threat cases”) and search for new threats or security weaknesses. It also lets you monitor devices and fix issues remotely.

You can find most XDR features in Overview > Threat Analysis Center.

These features are available if you have an Intercept X license that includes Sophos XDR.

Threat cases

Threat cases let you investigate and clean up malware attacks.

You can find out where an attack started, how it spread, and which processes or files it has affected.

For help, see Threat cases.

Live Discover

Live Discover lets you check activity on devices. You can run queries about the software installed, processes running, registry changes, and more. This helps you detect security weaknesses or malicious activity.

You can run queries on devices or on our Data Lake, which stores device data in the cloud. The Data Lake lets you query devices even when they’re not connected, schedule your queries, and query data from multiple Sophos products.

You can send information to the Data Lake from the following products:

  • Sophos Endpoint Protection
  • Server Protection
  • Sophos Email
  • Sophos Firewall
  • Sophos Cloud Optix

For help with creating and running queries, see Live Discover.

Live Response

Live Response lets you connect directly to an individual device to investigate and fix possible security issues.

For help, see Set up and start Live Response.