Skip to content

Sophos Linux Sensor

Investigations examples

English
日本語

Getting started
Configuration & Customization
Detections
Alerts & Auto-Response
Advanced configuration
Reference

Sophos Linux Sensor

Getting started
Configuration & Customization
Detections
Alerts & Auto-Response
Advanced configuration
Advanced configuration
- Using Investigations
  Using Investigations
Reference

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/esg/sls/help/en-us/index.html?contextId=56bdc62c-8d95-4f3b-b774-920364ae67e6

Your browser doesn’t support copying the link to the clipboard. Please copy it manually.

Investigations examples

May 12, 2022

Recent Outbound Host-Port Connections
New Outbound Host Connections
Running Containers and Container Lifespan
What Commands Did Users Type By Host (History Evasion)
Which Users Logged into Which Hosts
Find Files Affected by Container
Files and Processes Responsible for File State
Child Process Activity Around Time of Alert
Parent Process Activity Around Time of Alert
Process Activity Around Time of Incident
External-bound Network Traffic - IPv4 - With Allowed Exceptions
External-bound Network Traffic - IPv6
External-bound Network Traffic - IPv4
Known Malicious Host
Post incident investigation

Was this page helpful?

Thank you for your feedback

Thank you for your feedback. Help us improve this page by giving us more information.

Getting Investigations data via S3/Athena

Recent Outbound Host-Port Connections

© Sophos Limited.