Sophos MDR
The Sophos Cloud Optix integration sends supported alerts and events to the Sophos Managed Detection and Response (MDR) service.
Sophos MDR is a fully managed, 24/7 threat hunting, detection, and remediation service.
Set up the MDR integration
Customers must set up the Sophos Cloud Optix integration in Sophos Central.
To do this, do as follows:
- Sign in to Sophos Central.
- Click Threat Analysis Center > Integrations.
- Click the Sophos Cloud Optix card and follow the instructions.
Once the integration is configured, the MDR service receives anomaly detection alerts from Sophos Cloud Optix.
Monitoring
You can see the status of the Sophos Cloud Optix MDR integration in Sophos Central.
To monitor the status of the integration, do as follows:
- Sign in to Sophos Central.
- Go to Threat Analysis Center > Integrations.
- Click Sophos Cloud Optix.
- Integration Status shows whether the integration is active.
For more information, see Sophos Cloud Optix.
MDR baselining
This feature only applies to Sophos CDR Beta customers.
As a Sophos MDR customer in the Sophos CDR (Cloud Detection and Response) Beta, when you add a cloud environment to Sophos Cloud Optix, the environment is checked for existing issues. You must review these detections and either resolve the issue or suppress the detection.
This process is known as baselining and must be completed before MDR monitoring of the cloud environment can start.