We are excited to announce that powerful new Endpoint Detection and Response (EDR) features for Intercept X are now available in early access.
This early access program (EAP) brings pre-built, fully customizable SQL queries for both granular threat hunting and IT health checks and management across your organization’s estate. Here’s how to join.
This feature allows admins to search their data for almost any question they can think of by searching across endpoints and servers with SQL queries. You can choose from a selection of pre-created queries that can be fully customized to pull the exact information that you need. IT operations and threat hunting sample questions include:
- Why is a machine performing slowly? Is it pending a reboot?
- Are users running unauthorized browser extensions?
- Have any processes had their registry keys or files modified recently?
- Is remote sharing enabled? What about guest accounts?
- What processes are attempting to make network connections on non-standard ports?
Live Response (coming in May to early access)
Live Response gives admins the ability to respond with precision. Using a cmdline interface, remotely access devices in order to perform further investigation or take action. For example:
- Reboot a device pending updates
- Terminate suspicious processes
- Browse the file system
- Edit configuration files
- Run scripts and programs
How to join the EAP
The EAP is open to everyone with Intercept X and Intercept X for Server – even if you don’t currently have EDR. For complete instructions on how to join as well as additional technical information, please head over to the Sophos community. We look forward to hearing your feedback!
Spreading the word
Take advantage of these assets and get your customers excited about these new EDR enhancements:
- Video series
Lots of great content showing off the features in action, performing a variety of tasks
- Sophos News blog post
Customer-facing blog post highlighting key new features and benefits
Ready-to-send email – just add your logo and send
Please note: Some links above require access to the Sophos Partner Portal which is available for Sophos partners only. If you are a registered partner and have trouble logging in, please contact firstname.lastname@example.org.
In some cases, if you are not logged in, the direct links given may not work. If so, verify you are logged in to the Partner Portal and then click the link again to view the desired page.