The NDR team is pleased to announce early access to the new Investigation Console for Sophos NDR. The NDR Investigation Console provides a rich graphical interface for viewing, monitoring, and analyzing network activity. It’s an essential addition to any Sophos NDR deployment and is offered at no extra charge for all licensed Sophos NDR customers.
The NDR Investigation Console is designed to install on a virtual appliance on the local network and augments Sophos Central by providing deeper analysis tools on your local network, minimizing data uploads to the cloud.
While Sophos Central is still your first stop for identifying detections and handling cases, this new NDR Investigation console provides deeper analysis and forensic investigation tools for the last 30 days of network activity.
Here’s just a few examples of how you can use the NDR Investigation Console:
- Gain comprehensive visibility into all network activity over the past 30 days
- Analyze application activity, non-blocking IDS events, and more over time
- Investigate potential threats or anomalies that may have gone undetected
- Monitor network activity over time to identify suspicious patterns and behaviors
- Leverage advanced data analysis tools to quickly pinpoint issues
Watch this 2-minute video overview:
The Sophos NDR Investigation Console includes a comprehensive set of features:
- Rich visual dashboard with device status, network traffic, detections by severity and geolocation
- Drill-down from any dashboard widget into more granular reports
- Filter data by any attribute or by content and save filters for quick access in the future
- View all NDR sensor appliances feeding the console and their status
- Stores a Full 30 days of deep network telemetry data
- Run queries against the full data set: build queries, set variables, execute
- Maintain a list of saved queries and leverage queries published by Sophos
- User management with Super Admin and Admin roles
- Robust audit log of all admin activities
- Full documentation is provided
How to Get Started:
For existing Sophos NDR customers, download the new Investigation Console image from Sophos Central (under Devices > Installers) and give it a test drive to help make this product the best it can be before the official launch in August.
The installation requirements are the same as for NDR sensors: see the Sophos NDR Datasheet for details.
Please visit the Sophos Community to learn more and provide feedback.