Skip to content

MDR cases

You can track the MDR cases that we raise and investigate.

To see the MDR cases, go to MDR > Cases.

The page lists all the cases we've raised for your sub-estates in the time period you select and shows a description of each case and its status.

MDR cases page.


  • In progress: We're still analyzing the data.
  • Action required: You need to take action. (We've notified your contacts.)
  • Resolved: We've resolved the threat.

The statistics panels above the list show the number of cases with each status for the current time period and the percentage change since the last time period.

By default, you see statistics for the past 7 days. To change this, click the menu in the upper right of the page.


The list also shows the severity of each incident. The severity levels and the colors associated with them are as follows:

  • Critical (red)
  • High (yellow)
  • Medium (yellow)
  • Low (green)
  • Info (green)

Case details and messages

You can view case details or exchange messages with the Sophos MDR team about the case.

  1. Click the case number in the ID column.

    Screenshot of MDR case ID.

  2. On the Case Details page, Overview shows the threat type and the progress of the case.

    MDR case details.

  3. On the Case Details page, you can also see messages about the case from the Sophos MDR team. To reply, type your reply in New message and click Send message.

    • Messages that you send go into an MDR inbox. We'll respond to them later.
    • Messages that you send or receive are copied to your authorized contacts' mailboxes, so you won't miss any messages.
    • You can send and receive attachments as well as messages.

    MDR case messages.