These are the release notes for Sophos Managed Threat Response for Linux, managed by Sophos Central.
The features mentioned in these release notes are only available if you have the appropriate license.
You may find that you can't yet download and use the latest version. This is because Sophos releases the software over a number of days, but publishes the release notes on the first day.
View the product documentation at Server protection.
Sophos Managed Threat Response for Linux | 2023.1 January 2023 | 1.0.13 September 2022 | 1.0.12 June 2022 | 1.0.11 February 2022 | 1.0.10 November 2021 | 1.0.9 June 2021 | 1.0.8 April 2021 | 1.0.7 December 2020 | 1.0.6 August 2020 | 1.0.4 June 2020 | 1.0.2 February 2020 | 1.0.1 November 2019 |
---|---|---|---|---|---|---|---|---|---|---|---|---|
SPL-Managed-Threat-Response-Plugin | 1.0.14 | 1.0.13 | 1.0.12 | 1.0.11 | 1.0.10 | 1.0.9 | 1.0.8 | 1.0.7 | 1.0.6 | 1.0.4 | 1.0.2.105 | 1.0.1 |
We've updated the names of our components.
Sophos Managed Threat Response for Linux is now called SPL-Managed-Threat-Response-Plugin.
We now support Amazon Linux 2022, Ubuntu 22.04 (LTS), Oracle 8, Miracle Linux, Debian 10 and Debian 11. Earlier versions of Sophos Managed Threat Response for Linux don't support these platforms.
With the XDR release, MTR now supports Sophos Management Communication System (MCS) or proxies. This means it receives endpoint events generated by scheduled query results.
This version adds Response Action Framework (RAF). This includes the following features:
Sophos Managed Threat Response plugin updated to 1.0.4.
Sophos Managed Threat Response (MTR) provides 24/7 threat hunting, detection, and response. It is delivered by an expert team as a fully-managed service. Beyond simply notifying you of attacks or suspicious behavior, the Sophos MTR team initiates actions on your behalf to neutralize even the most sophisticated and complex threats. Two levels of service are available:
MTR Response Actions initiated from the MTR console don't support MCS/proxies. A direct connection between the endpoint and the MTR platform is still required for the MTR Ops team to take Response Actions in the MTR console. The MTR Ops team can use Response Actions when MTR Standard or MTR Advanced customers turn on either "Authorize" or "Collaborate" Threat Response Mode.
Issue ID | Component | Description |
---|---|---|
LINUXDAR‑281 | Sophos Managed Threat Response for Linux | Process monitoring may not work on a system that is already running osquery. |
LINUXDAR‑601 | Sophos Managed Threat Response for Linux | Process monitoring data is not available on systems with auditd enabled. |
The following platforms and point releases have been tested:
You can find technical support for Sophos products in any of these ways:
Copyright © 2023 Sophos Limited. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise unless you are either a valid licensee where the documentation can be reproduced in accordance with the license terms or you otherwise have the prior permission in writing of the copyright owner.
Sophos and Sophos Anti-Virus are registered trademarks of Sophos Limited and Sophos Group. All other product and company names mentioned are trademarks or registered trademarks of their respective owners.