Sophos NDR Investigation Console Early Access

The NDR team is pleased to announce early access to the new Investigation Console for Sophos NDR. The NDR Investigation Console provides a rich graphical interface for viewing, monitoring, and analyzing network activity. It’s an essential addition to any Sophos NDR deployment and is offered at no extra charge for all licensed Sophos NDR customers.

The new NDR Investigation Console provides a wealth of information on the dashboard

 

The NDR Investigation Console is designed to install on a virtual appliance on the local network and augments Sophos Central by providing deeper analysis tools on your local network, minimizing data uploads to the cloud.

While Sophos Central is still your first stop for identifying detections and handling cases, this new NDR Investigation Console provides deeper analysis and forensic investigation tools for the last 30 days of network activity.

Here are just a few examples of how you can use the NDR Investigation Console:

  • Gain comprehensive visibility into all network activity over the past 30 days
  • Analyze application activity, non-blocking IDS events, and more over time
  • Investigate potential threats or anomalies that may have gone undetected
  • Monitor network activity over time to identify suspicious patterns and behaviors
  • Leverage advanced data analysis tools to quickly pinpoint issues

 

The Sophos NDR Investigation Console includes a comprehensive set of features:

  • Rich visual dashboard with device status, network traffic, detections by severity and geolocation
  • Drill-down from any dashboard widget into more granular reports
  • Filter data by any attribute or by content and save filters for quick access in the future
  • View all NDR sensor appliances feeding the console and their status
  • Stores a full 30 days of deep network telemetry data
  • Run queries against the full data set: build queries, set variables, execute
  • Maintain a list of saved queries and leverage queries published by Sophos
  • User management with Super Admin and Admin roles
  • Robust audit log of all admin activities
  • Full documentation is provided

 

How to Get Started:

For existing Sophos NDR customers, download the new Investigation Console image from Sophos Central (under Devices > Installers) and give it a test drive to help make this product the best it can be before the official launch in August.

The installation requirements are the same as for NDR sensors: see the Sophos NDR Datasheet for details.

Please visit the Sophos Community to learn more and provide feedback.