About these release notes

These are the release notes for Sophos Managed Threat Response for Linux, managed by Sophos Central.

The features mentioned in these release notes are only available if you have the appropriate license.

Note You may find that you cannot yet download and use the latest version. This is because Sophos releases the software over a number of days, but publishes the release notes on the first day.



Sophos Managed Threat Response for Linux


November 2019

Sophos Linux Base


Sophos Live Query


Sophos Managed Threat Response plugin


Version 1.0.1

New features

Sophos Managed Threat Response (MTR) provides 24/7 threat hunting, detection, and response. It is delivered by an expert team as a fully-managed service. Beyond simply notifying you of attacks or suspicious behavior, the Sophos MTR team initiates actions on your behalf to neutralize even the most sophisticated and complex threats. Two levels of service are available:

  • MTR Standard: lead-driven threat hunting, adversarial detections, activity reports, security health check.
  • MTR Advanced: MTR standard features plus lead-less threat hunting, enhanced telemetry, proactive posture management, dedicated incident response lead, direct call-in support, asset discovery.

Known issues and limitations

Issue ID




Sophos Managed Threat Response for Linux

The use of Message Relays with Sophos Managed Threat Response for Linux is not supported.


Sophos Linux Base

Sophos Managed Threat Response for Linux does not support systems that have another product that is managed by Sophos Central installed.

You can have only one managed product installed at a time.


Sophos Linux Base

Clone de-duplication is not supported by Sophos Managed Threat Response for Linux.


Sophos Managed Threat Response for Linux

Process monitoring may not work on a system that is already running osquery.


Sophos Managed Threat Response for Linux

Process monitoring data is not available on systems with auditd enabled.

Legal notices

Copyright © 2019 Sophos Limited. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise unless you are either a valid licensee where the documentation can be reproduced in accordance with the license terms or you otherwise have the prior permission in writing of the copyright owner.

Sophos and Sophos Anti-Virus are registered trademarks of Sophos Limited and Sophos Group. All other product and company names mentioned are trademarks or registered trademarks of their respective owners.