Skip to content

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/central/customer/help/en-us/index.html?contextId=mdr-operations-team

Get help from the MDR Operations team

This page tells you how the MDR Operations team can help you, how to contact them, and what you might need to tell them.

How the MDR Operations team can help

Your issue How to get help
Active incident Contact the team by phone. See Phone support.
Suspicious activity Send a service request
Investigation request Send a service request
General questions Send a service request

To send a service request, see Create an MDR service request.

Note

If you have an MDR Essentials license, you can only get help during an active incident.

Phone support

If you believe you're experiencing an active incident and are an MDR customer, you can call us using one of the regional telephone numbers below.

Country Number Cost
Austria +4373265575513 Toll
Switzerland +41445152285 Toll
France +33134348070 Toll
Germany +4961171187835 Toll
Italy +390287317993 Toll
Spain +34913758065 Toll
Dubai 800035704220 Toll-Free
United Kingdom +441235465857 Toll
Ireland +35312647191 Toll
Country Number Cost
Australia +61294099162 Toll
New Zealand +6494245697 Toll
India 0008000402359 Toll-Free
Country Number Cost
United States +1(833) 813-8776 Toll-Free
Canada +1(833) 813-8776 Toll-Free

If you're located outside one of the geographies above, please contact the MDR Security Operations Center (SOC) that is closest to you.

What to tell the team

Having the right information up front helps the MDR Operations team quickly assess and respond to potential threats. When you engage with them for the first time, be prepared to provide the details shown below.

Threat information Examples
Description of the issue What symptoms or alerts have you observed?
Timeline When did you first notice the problem? Has it happened before?
Environment changes Any recent updates, patches, or configuration changes.
Indicators of compromise Suspicious emails, files, IPs, domains, or other artifacts
Impact and scope Which hosts or users are affected? Include names, IPs, and whether the hosts are production.
Volume of impact How many users or endpoints are involved?
Evidence Logs, screenshots, error messages, or alert IDs that support the investigation.
Backups Confirm whether critical data is backed up.
Suspicious network activity Any observed unusual traffic or outbound connections.

Also, make sure the MDR Operations team know who to contact in your organization and when they're available.

Create an MDR service request

An MDR service request lets you raise issues with our MDR team. To create a request, do as follows:

  1. Go to Threat Analysis Center > Cases.
  2. On the Cases page, click Create case in the upper right.
  3. Select MDR service request.

  4. In Create service request for the MDR team, do as follows:

    1. Enter a case name and description.

      Note

      Don't use special characters in the case name. Sophos APIs might interpret special characters as syntax instead of values. Use only alphanumeric characters, spaces, and basic punctuation.

    2. Click Create.

  5. On the Case details page, on the Messages tab, you can exchange messages with the MDR team.

You can't add to or edit any other tabs.