Endpoint Protection

Suggest, discuss, and vote on new ideas for Sophos Endpoint Protection. Comprehensive security for users and data

Suggest an Idea...

Root Cause Analysis for attacks from remote machines

We recently had an incident where there was a Ransomware detection from a remote internal server that was stopped by Intercept X. It turns out that it was a false positive, however investigating to get to that conclusion was a problem as there is only a generic event created in Sophos Central but no Root Cause Analysis. If you look in the Windows event viewer logs for hitmanpro, you can see which files were affected and where the attack originated from, so the information is available but not being used within Sophos Central. When it comes to critical detections like remote Ransomware attacks, it is important to have as much information on hand as possible to investigate quickly, so displaying this information in a Root Cause Analysis would be beneficial, even if the attacks are false positives.

2 votes
Sign in
(thinking…)
Sign in with: Facebook Google Sophos Features & Ideas Laboratory
Signed in as (Sign out)

We’ll send you updates on this idea

Orrin Limerick shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

0 comments

Sign in
(thinking…)
Sign in with: Facebook Google Sophos Features & Ideas Laboratory
Signed in as (Sign out)
Submitting...

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.