On this blog I keep notes on some articles related to Sophos Intercept X Advanced with XDR and other Sophos features:
Sophos Intercept X Advanced with XDR: Help with Forensic Snapshots
https://support.sophos.com/support/s/article/KBA-000006333?language=en_US+
Sophos XDR-enabled devices continually capture data related to processes, files, networks, and other system activities. When threat detection occurs, a snapshot file of current activity is created on the device's disk. This snapshot helps generate the Threat Case in Sophos Central, which attempts to piece together the threat chain of an attack and identify related activities.
Data Lake uploads
https://docs.sophos.com/central/customer/help/en-us/ManageYourProducts/ThreatAnalysisCenter/LiveDiscover/DataLakeUploads/index.html
Sophos XDR: Getting Started with XDR and Data Lake Hydration
https://techvids.sophos.com/watch/JWndawT866eCh9gVXTNE2K
Sophos Intercept X: Adaptive attack protection
https://support.sophos.com/support/s/article/KBA-000008632?language=en_US
This protection feature is part of the malicious behavior protection capability in the Sophos endpoint. It consists of a series of technique-focused behavioral rules intended to disrupt the actions of a threat actor.
Admin Isolated Devices
[UPDATE 2025.06.05]
Sophos Endpoint: Adaptive Attack Protection Gets Even Better