Sophos MDR

The Sophos Managed Detection and Response (MDR) integration sends alerts to the Sophos MDR service.

Sophos MDR is a fully-managed, 24/7 threat hunting, detection, and remediation service.

Sophos Cloud Optix uses the MDR integration to send supported alerts and events to Sophos MDR.

Licensing changes

The Sophos Managed Threat Response (MTR) service changed to Managed Detection and Response (MDR) in November 2022.

MTR Advanced licenses

For customers who had an MTR Advanced license, Sophos Cloud Optix continues to integrate with the Sophos managed service. It sends anomaly detection alerts and Amazon GuardDuty events to Sophos MDR.

This happens automatically; there are no setup steps.

Sophos MDR and MDR Complete licenses

Customers with new Sophos MDR and MDR Complete licenses must set up the Sophos Cloud Optix integration in Sophos Central.

To do this, do as follows:

  1. Sign in to Sophos Central.
  2. Click Threat Analysis Center > Integrations.
  3. Click the Sophos Cloud Optix card and follow the instructions.

The MDR service now receives anomaly detection alerts from Cloud Optix.

Monitoring

You can see the status of the Sophos Cloud Optix MDR integration in Sophos Central.

How you do this depends on whether you had an MTR Advanced license, or you have a new Sophos MDR or MDR Complete license.

MTR Advanced licenses

If you had an MTR Advanced license, monitor the status of your connection as follows.

  1. Sign in to Sophos Central.
  2. Click MDR to open the MDR dashboard.
  3. Look for Connector status report.

See the Connector status report section of MDR dashboard.

Sophos MDR and MDR Complete licenses

If you have a Sophos MDR or MDR Complete license, monitor the status of your connection as follows.

  1. Sign in to Sophos Central.
  2. Go to Threat Analysis Center > Integrations.
  3. Click Sophos Cloud Optix.
  4. Integration Status shows you whether the integration is active or not.

See Sophos Cloud Optix.

MDR baselining

This feature only applies to Sophos CDR Beta customers.

As a Sophos MDR customer in the Sophos CDR (Cloud Detection and Response) Beta, when you add a cloud environment to Sophos Cloud Optix, the environment is checked for existing issues. You must review these detections and either resolve the issue or suppress the detection.

This process is known as baselining and must be completed before MDR monitoring of the cloud environment can start.