Response Sophos Managed ThreatContents About this guide.....1

Sophos Managed ThreatResponse

startup guide for new customers

ContentsAbout this guide....................................................................................................................................... 1Activate your account...............................................................................................................................2

If you have an account................................................................................................................. 2If you don’t have an account........................................................................................................ 3

Set up the Sophos MTR service............................................................................................................. 6Create Sophos Central admins................................................................................................................8Install Sophos MTR software.................................................................................................................10

Install Sophos MTR on Windows, Windows Server or macOS.................................................. 10Install Sophos MTR on Linux......................................................................................................10

What next?............................................................................................................................................. 11Legal notices.......................................................................................................................................... 12

(2020/09/08)

Sophos MTR startup guide for new customers

1 About this guideThis guide tells you how to set up Sophos Managed Threat Response (MTR) if you're a new customer.

These instructions apply whether you’re setting up the service for Windows, macOS, or Linuxcomputers.

NoteIf you're already using Sophos Central or migrating to it, see the startup guide for existingcustomers instead.

Copyright © Sophos Limited 1


2 Activate your accountBefore you can set up the Sophos MTR service, you need to check that your account and license havebeen activated.

The steps you take depend on whether your organization (or a Sophos Partner) has already createdan account for you.

If your account has been created, you see a Welcome email from Sophos. Click Set up mypassword and follow the instructions in If you have an account.

If your account hasn’t been created, you need to sign up and activate your account and license.Follow the instructions in If you don’t have an account.

Related tasksIf you have an account (page 2)

If you don’t have an account (page 3)

2.1 If you have an account

Follow these instructions if you have a Sophos Central account.

You receive a Welcome email from Sophos.

To activate your account:

1. In the email, click Set up my password.

2. In Activate your account:

a) Create your password. For added security, set up multi-factor authentication.

b) Select a Central Admin Portal location. Your data will be stored in this region.

NoteYour Sophos Partner might have selected this for you.

c) Read and acknowledge the legal agreements.

2 Copyright © Sophos Limited


Now continue to the Set up the Sophos MTR service section.

Related tasksSet up the Sophos MTR service (page 6)

2.2 If you don’t have an account

Follow these instructions if you don't have a Sophos Central account.

You need to set up a Sophos Central account and activate it before you set up the Sophos MTRservice. To do this:

1. Go to https://central.sophos.com and select Sign up here.

You’re redirected to a Sophos Central Free Trial sign-up page.

2. Fill out your details and click Save.

You receive a Welcome email from Sophos.


https://central.sophos.com


3. In the email, click Set up my password.

4. In Activate your account:

a) Create your password. For added security, set up multi-factor authentication.

b) Select a Central Admin Portal location. Your data will be stored in this region.

NoteYour Sophos Partner might have selected this for you.

c) Read and acknowledge the legal agreements.

5. The Sophos Central dashboard is displayed.

Now you need to apply your Sophos MTR license in Sophos Central.

6. Click the account name (Administrator in this example) in the upper right of the dashboard andselect Licensing.



7. On the Licensing page, click Apply License Key.

You should have received a license key from your Partner when you bought your Sophos MTRService.

8. Enter your license key now, accept the license terms, and click Apply.

Now continue to the Set up the Sophos MTR service section.

Related tasksSet up the Sophos MTR service (page 6)



3 Set up the Sophos MTR serviceThe first time you sign in to Sophos Central after activating your account and/or license, you'll beprompted to configure the MTR service, as follows.

1. Go to https://central.sophos.com and sign in. You see a form like this:

2. Enter the details of three contacts in your organization.

If there’s an incident, we’ll contact each in turn till there is a response.

NoteYou must enter a Primary contact. We recommend that you also include Secondary andTertiary contacts.

3. In MTR Response Mode, choose how you want us to respond to incidents.

Option Description

Authorize We’ll take any action needed to resolve theincident and we’ll notify you.

Collaborate We’ll work with your contacts to resolve theincident. If we can’t reach the contacts, we’lltake action.

Notify We’ll notify you about the incident and sendyou any details you need to resolve it yourself.

The default is Notify.

4. Save your details.




You can edit these settings at any time in Sophos Central, under Global Settings > ManagedThreat Response Preferences.

Now continue to the Create Sophos Central admins section.



4 Create Sophos Central adminsNext you need to create admins in Sophos Central (if you haven’t already done so).

There are two kinds of Sophos Central users:

• Users who have their devices protected with Sophos.

• Users with admin roles, who can sign in to Sophos Central and make changes.

Your MTR contacts must be users with admin roles. This lets them sign in to change settings onrequest from the Sophos MTR team. Also we plan to show MTR threat case details in SophosCentral in future: contacts will need to be admins to see them.

To make your contacts admins:

1. Sign in to https://central.sophos.com with admin privileges. Only admins can create and updateusers.

2. If your MTR contact is not a user already, add a new user. Go to People. Click Add and select AddUser.

3. Enter the details of one of your MTR contacts. Select the Role and assign them to a Group.




4. Click Save.

Now continue to the Install Sophos MTR software section.



5 Install Sophos MTR softwareYou need to install the Sophos MTR agent on your devices.

5.1 Install Sophos MTR on Windows, WindowsServer or macOS

Install the Sophos MTR agent on your Windows, Windows Server or macOS computers as follows.

1. In Sophos Central, go to Endpoint Protection > Protect Devices.

2. Download the installers for your endpoint computers (Windows and/or macOS).

3. If you have Windows servers, go to Server Protection > Protect Devices and download theWindows Server installer.

4. Run the installers on your computers.

On the Protect Devices page, click How do I run the installers for endpoints? for advice.

These installers install Sophos MTR automatically, along with any other Sophos components you need.

5.2 Install Sophos MTR on Linux

Install the Sophos MTR agent on Linux as follows.

NoteYou can't install Sophos MTR and Sophos Anti-Virus for Linux on the same device.

1. Go to Server Protection > Protect Devices.

2. Download the installer for Sophos MTR for Linux.

3. Run the installer as root on your Linux devices. For example:

chmod +x SophosSetup.sh./SophosSetup.sh



6 What next?You've fnished setting up Sophos MTR. This is what happens next:

• We'll check your Sophos product setup and policies. We might make recommendations to improvereal-time protection.

• We'll review threat detections and investigate suspicious activity on your network from now on.

• We'll contact you about any serious issues in line with the MTR Response Mode you selected.

NoteIf you're a Sophos MTR Advanced customer, we'll invite you to schedule a "Welcome to SophosMTR" call. In that call, we'll introduce our team, review your MTR service, and discuss yourrequirements.



7 Legal noticesCopyright © 2020 Sophos Limited. All rights reserved. No part of this publication may be reproduced,stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical,photocopying, recording or otherwise unless you are either a valid licensee where the documentationcan be reproduced in accordance with the license terms or you otherwise have the prior permissionin writing of the copyright owner.

Sophos, Sophos Anti-Virus and SafeGuard are registered trademarks of Sophos Limited, SophosGroup and Utimaco Safeware AG, as applicable. All other product and company names mentionedare trademarks or registered trademarks of their respective owners.


Response Sophos Managed ThreatContents About this guide.....1

Documents

Transcript of Response Sophos Managed ThreatContents About this guide.....1