---
title: 'Sophos Alert: Core clean up failed'
description: Datadog, the leading service for cloud-scale monitoring.
breadcrumbs: 'Docs > Datadog Security > OOTB Rules > Sophos Alert: Core clean up failed'
---

# Sophos Alert: Core clean up failed

{% alert level="danger" %}
This rule is part of a beta feature. To learn more, [contact Support](https://docs.datadoghq.com/help/).
{% /alert %}
Classification:attackTactic:[TA0002-execution](https://attack.mitre.org/tactics/TA0002)Technique:[T1059-command-and-scripting-interpreter](https://attack.mitre.org/techniques/T1059) 
## Goal{% #goal %}

Identify and act on 'Core Clean Failed' events from the same endpoint to address potential security concerns.

## Strategy{% #strategy %}

Capture and alert on 'Core Clean Failed' alerts generated by Sophos Central Cloud for any endpoint.

## Triage and response{% #triage-and-response %}

1. Examine the specific alert type `{{@log_message.type}}` and the threat status `{{@log_message.data.threat_status}}`, noting the assigned severity `{{@log_message.severity}}`.
1. Implement the recommended action detailed in `@log_message.description` to resolve the issue.