Sophos Managed Threat Response for Linux

Version 1.0.7 New

New features

This version adds Response Action Framework (RAF). This includes the following features:

The MTR team can define custom response actions.
You can push a file to an endpoint during an investigation.
You can automate conditional execution of response actions.

Updated components

Sophos Live Query updated to 4.5.0.
Sophos Managed Threat Response plugin updated to 1.0.7.

Components Updated

Components and their version numbers by release. The second column contains the latest release.
Sophos Managed Threat Response for Linux	1.0.7 December 2020	1.0.6 August 2020	1.0.4 June 2020	1.0.2 February 2020	1.0.1 November 2019
Sophos Live Query	4.5.0	4.4.0	4.0.2.1	4.0.2.1	4.0.2
Sophos Managed Threat Response plugin	1.0.7	1.0.6	1.0.4	1.0.2.105	1.0.1

Version 1.0.6

Updated components

Sophos Managed Threat Response plugin updated to 1.0.6.
Sophos Live Query updated to 4.4.0.

Version 1.0.4

Updated components

Sophos Managed Threat Response plugin updated to 1.0.4.

Version 1.0.2

New features

Remotely retrieve a file from a managed device to assist an MTR investigation. The file can be used as case evidence or submitted to Sophos for malware analysis (including static and dynamic malware).
Added ability to turn on and off verbose logging to improve troubleshooting.
Minor bug fixes.

Updated components

Sophos Live Query updated to 4.0.2.1.
Sophos Managed Threat Response plugin updated to 1.0.2.105.

Version 1.0.1

New features

Sophos Managed Threat Response (MTR) provides 24/7 threat hunting, detection, and response. It is delivered by an expert team as a fully-managed service. Beyond simply notifying you of attacks or suspicious behavior, the Sophos MTR team initiates actions on your behalf to neutralize even the most sophisticated and complex threats. Two levels of service are available:

MTR Standard: lead-driven threat hunting, adversarial detections, activity reports, security health check.
MTR Advanced: MTR standard features plus lead-less threat hunting, enhanced telemetry, proactive posture management, dedicated incident response lead, direct call-in support, asset discovery.

Known issues and limitations

Known issues and limitations, listed by ID, affected component and a description of the issue.
Issue ID	Component	Description
DE‑1437	Sophos Managed Threat Response for Linux	The use of Message Relays with Sophos Managed Threat Response for Linux is not supported.
LINUXDAR‑281	Sophos Managed Threat Response for Linux	Process monitoring may not work on a system that is already running osquery.
LINUXDAR‑601	Sophos Managed Threat Response for Linux	Process monitoring data is not available on systems with auditd enabled.

System requirements

Free disk space: 1 GB
Memory: 2 GB
System type: x64
Systemd supported and running
Kernel that supports GLIBC 2.17 or later
Bash is installed

Supported platforms

The following platforms and point releases have been tested:

Amazon Linux 2
CentOS 7
CentOS 8
CentOS Minimal
RHEL 7
RHEL 8
Ubuntu 18.04 (LTS)
Ubuntu 20.04 (LTS)
Ubuntu Minimal

Support

You can find technical support for Sophos products in any of these ways:

Visit the Sophos Community at community.sophos.com and search for other users who are experiencing the same problem.
Visit the Sophos support knowledge base at www.sophos.com/en-us/support.aspx.
Download the product documentation at www.sophos.com/en-us/support/documentation.aspx.
Open a ticket with our support team at https://secure2.sophos.com/support/contact-support/support-query.aspx.

Legal notices

Copyright © 2020 Sophos Limited. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise unless you are either a valid licensee where the documentation can be reproduced in accordance with the license terms or you otherwise have the prior permission in writing of the copyright owner.

Sophos and Sophos Anti-Virus are registered trademarks of Sophos Limited and Sophos Group. All other product and company names mentioned are trademarks or registered trademarks of their respective owners.