Sophos Central

Suggest, discuss, and vote on new ideas for Sophos Central. The unified console for managing your Sophos products.
Please raise all product releated feature requests in the respective product forum

Sophos Central

Suggest, discuss, and vote on new ideas for Sophos Central. The unified console for managing your Sophos products.
Please raise all product releated feature requests in the respective product forum

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. reset endpoint halth status

    sometimes the endpoint health status remains in red if the detection is too old or in other situations.
    Resetting the endpoint status from Central could help in understanding real client problems and getting focus on them.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. Suspicious file download

    It would be great being able to download the suspicious file from Central (also if the endpoint is actually offline) to investigate on them. Another option would be to directly report virustotal result, as this is probably the first check all of us try on suspiciuos file.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. Threat analisys center yara taxii

    It would be useful to be able to import external yara taxii and stix data and schedule the running stage with alerting on detection. Also, using sha1 could be of help.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. Threat analisys center yara taxii

    It would be useful to be able to import external yara taxii and stix data and schedule the running stage with alerting on detection. Also, using sha1 could be of help.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. installation videos

    I believe Sophos should have some installation & troubleshooting videos and or training available for new users installing Sophos for the first time.
    Getting installation/configuration assistance is time consuming and frustrating for new installers.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  6. Tamper Protection Report

    It would be wonderful if there was an option to run a report to find out which endpoints have Tamper Protection turned OFF/ON. Or an option to sort the Devices list by Tamper being off/on.

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  7. Sophos Mobile Central restart devices task

    Add the ability to create a task to restart a device. iOS specifically

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  8. Immediate "caught" report to notification email

    When we run campaigns, we would like "caught" users to be immediately reported via email to a specific email address in real time so we don't have to continually run the results report. If this could generate the training URL also but instead of sending it to the user, send it to the notification email address, that would allow us to take faster action versus learning about the issue a day or so later.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Phish Threat  ·  Flag idea as inappropriate…  ·  Admin →
  9. Scan multiple computers with one click

    Apparently I'm not the first one to come up with this idea. Would be a great feature to be able to initiate a manual scan on all devices in event of a possible threat and not have to do it one machine at a time.

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  10. quarantine summary actions

    In the Quarantine Summary email, give me the additional action options to Always Permit and Block. Saves a ton of time having to log into the web portal to find each email.

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Gateway  ·  Flag idea as inappropriate…  ·  Admin →
  11. search quarantine

    Provide the ability to search your Quarantined messages. Helpful if you are looking for a message and not sure if it made it past the quarantine. Currently you have to just scroll through the list, very time consuming and counter productive.

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Gateway  ·  Flag idea as inappropriate…  ·  Admin →
  12. Quarantine Filtering

    please improve the search and filtering on the email gateway quarantine.

    allow order by subject, and filtering by reason, subject etc...

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Email Gateway  ·  Flag idea as inappropriate…  ·  Admin →
  13. Extend the archive logs for Sophos Central Log.io

    Hello Team,

    Requesting to Extend the archive logs for Sophos Central Log.io for Phish Threat Campaign for 30 days or more as this will be helpful for the customer and for the technical support to perform further investigation for the behavior of campaign that run for 30 days.
    For your assistance please. Thank You.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Phish Threat  ·  Flag idea as inappropriate…  ·  Admin →
  14. List devices without a retrieved encryption key

    Suggestion for Device Encryption:
    Admins need the ability to confirm how many devices do not have a "successfully retrieved encryption key" in the Sophos dashboard. Either a metric on the Encryption Dashboard that provides a list of such devices, or the ability to query for it, like a report.

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Device Encryption  ·  Flag idea as inappropriate…  ·  Admin →
  15. end user is getting Sophos central alerts including DLP .

    end-user is getting Sophos central alerts including DLP. user does not have any membership of the alert configured group also does not have any administrator role as Help desk, Administrator, Super Administrator in Sophos central.DLP alert is a security incident, it should not disclose with end-user.

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  User management  ·  Flag idea as inappropriate…  ·  Admin →
  16. Live Response session transcripts

    Record all commands run on a device by a Sophos Central admin during a Live Response session and make the transcript available, either for download or viewable some other way. Currently the Audit log records when sessions are run, by whom, and on which device, but the logs don't indicate what happened.

    A transcript of what commands were run would be nice to have for auditing purposes and to include with any forensic investigation reports, especially sensitive cases or cases involving potential legal ramifications where the ability to document exactly what was done to a system would be beneficial.

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  17. Partner Central API Enhancement to give IP address, Username associated with the Endpoint, Threat Details like Hashes, Threat Name etc.,

    Update Request/Response mechanism for Partner Central API to retrieve useful information in triaging the alert. Details associated with network ip information, username asscoaited with endpoint, Threat Details (indicators, hashes, threat names etc.,), (We retrieve alarms from various customers and triage them via API anything that is human readable so any other necessary information needed would be very very helpful. VS the current response we get from Sophos Partner API: "category": "policy",
    "tenantname": "CLIENT NAME",
    "person
    id": "7644e8aa-c856-96d1-5c96-69d53664c7a7",
    "groupKey": "MSxFdmVudDo6RW5kcG9pbnQ6Ok5vbkNvbXBsaWFudCw1MTMs",
    "managedAgenttype": "computer",
    "description": "Policy non-compliance: Data Loss Prevention",
    "type": "Event::Endpoint::NonCompliant",
    "tenant
    id": "c3ff8512-34f2-4e61-8654-b4909f1b3030",
    "allowedActions": [
    "acknowledge"
    ],
    "id": "83e0dc8d-52a6-4cd2-872b-07e9a1b7b507", …

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  18. Tamper Protection Whitelist for other security products

    Tamper Protection Whitelist to allow other security programs to interact with Whitelisted Registry settings. Crowdstrike Falcon is used to collect data for Digital Forensics and is needing set a registry setting in a place protected by Tamper Protection.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Endpoint Protection  ·  Flag idea as inappropriate…  ·  Admin →
  19. QA Demo

    Test QA demo

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  20. API to Modify SSID

    It would be very helpful to have an API we could use to add MAC addresses to an SSID.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Wireless  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.