MDR cases
You can track the MDR cases that we raise and investigate.
To see the MDR cases, go to MDR > Cases.
The page lists all the cases we've raised for your customers in the time period you select and shows a description of each case and its status.
Case details and messages
You can view case details or exchange messages with the Sophos MDR team about the case.
- Click the case number in the ID column.
- On the Case Details page, Overview shows the threat type and the progress of the case.
- On the Case Details page, you can also see messages about the case from the Sophos MDR team. To reply, type your reply in New message and click Send message.
  - Messages that you send go into an MDR inbox. We'll respond to them later.
  - Messages that you send or receive are copied to your authorized contacts' mailboxes, so you won't miss any messages.
  - You can send and receive attachments as well as messages.
Case details
You can find the case details in the table.
- ID: The case ID number.
- Customer Name: The customer name.
- Status: The case status.
- Case creation: The date when the case was created.
- Last updated: The date when the case was last updated.
- Severity: The severity of the incident that caused the case. The severity levels and the colors associated with them are as follows:
  - Critical (red)
  - High (yellow)
  - Medium (yellow)
  - Low (green)
  - Info (green)
- Description: The case description.
- Synopsis: A summary of the case.
Filter cases
On the Cases page, you can use the filters to display cases by status or type.
Status
Select a case status to display.
- In progress: We're still analyzing the data.
- Action required: You need to take action. We've notified your contacts.
- Resolved: We've resolved the threat.
The statistics panels above the list show the number of cases with each status for the current time period and the percentage change since the last time period.
By default, you see statistics for the last seven days. To change this, click the menu in the upper right of the page.
Type
Select a case type to display.
- Threat Hunt: MDR Ops team conducts a threat hunt.
- Investigation: MDR Ops team investigates, contains, and neutralizes threats. They also provide recommendations if needed.
- Incident: MDR Ops team investigates, contains, and neutralizes threats. They also provide recommendations if needed.
- Health Check: Health Check is a proactive evaluation of a customer’s Sophos environment.
- Posture Improvement: This identifies a lack of security control and high-risk settings and configurations within a customer’s estate.
- Customer Request: MDR Ops team conducts an investigation at the request of the customer.
- Managed Risk: This identifies vulnerabilities and misconfigurations within a customer’s environment. The MDR Ops team investigates the findings and provides recommendations to the customer.
Escalation
Escalated cases require investigation and response actions by advanced analysts. They could also require customer collaboration to resolve. Unescalated cases are cases that our analysts investigate and resolve 100% for the customer without requiring additional action or input.
- Cases requiring action: Shows cases with an Action required status.
- All escalated cases: Shows all escalated cases.