Sophos Endpoint Detection & Response (EDR)

Sophos EDR & XDR: EDR Endpoint Schema and XDR Data Lake Schema

Overview of EDR endpoint Schema and XDR Data Lake Schema. For more information, see the following post: https://community.soph...
Feb-23-2021

Sophos XDR: EAP Launch Demo

Covers features available in the XDR Data Lake EAP starting Feb 22, 2021. For more information see the following Community pos...
Feb-22-2021

EDR 3.0 - Live Discover & Response: Generic Indicator of Compromise Hunting Query

Inspired by the US IRAN tensions in January, we wanted to build a query to search for the indicators of compromise exhibited by...
Feb-11-2021

EDR 3.0 - Live Discover & Response: Live Response Role Based Access Controls

Learn about Role Based Access Controls that EDR customers can use to better manage the admins who can use the Live Response fun...
Feb-11-2021

EDR 3.0 - Live Discover & Response: Live Response EAP Introduction

Learn about how Live Response can be used to help with detailed investigations or take prompt action on devices.
Feb-11-2021

EDR 3.0 - Live Discover & Response: IT Operations

Live Discover leveraging canned queries for basic IT Operations
Feb-11-2021

EDR 3.0 - Live Discover & Response: Live Response Demo

Using Live Response to disable RDP on a remote device
Feb-11-2021

EDR 3.0 - Live Discover & Response: Caldera

This one is longer and shows how I determined the observable for Caldera then went from writing a query for each technique to h...
Feb-11-2021

EDR 3.0 - Live Discover & Response: Joining the Early Access Program

How to Join the EAP for Endpoints and Servers
Feb-11-2021

EDR 3.0 - Live Discover & Response: Hunting

Performing basic hunting with EDR 3.0 EAP
Feb-11-2021