Ask any question about what has happened in the past – and what is happening now.
Sophos EDR gives you the tools to ask detailed questions when hunting down threats and strengthening your IT security operations posture.
You get access to powerful, out-of-the-box, customizable SQL queries that access up to 90-days of endpoint and server data, giving you the information you need to make informed decisions.
Example questions include:
- Why is a machine running slowly? Is it pending a reboot?
- Which devices have known vulnerabilities, unknown services or unauthorized browser extensions?
- Are there programs running on the machine that should be removed?
- Are processes trying to make a network connection on non-standard ports?
- Have any processes had files or registry keys modified recently?
