Intercept X - Threat Case - Root Cause not Identified, No Threat Case
After upgrading to Intercept X with EDR there are situations where a Threat Case is not created. Sophos Support mentioned a Threat Case was not forwarded to Central because a root cause could not be found. Even when a Root Cause cannot be identified consider creating a Threat Case so customers have access to the additional context information. Perhaps set the beacon as the root cause.
"Note: Threat cases are only created for malicious detections; this does not include detections for PUAs, Application Control, Device Control, Web Control. Additionally if Sophos isn't able to automatically confirm a root cause, a Threat Case may not be generated."