ATP: Send alert on ATP incident
A customer has requested the below:
I like the new Advanced Threat Protection applet on the Sophos web filtering management appliance but I think that it would be very useful to add a system alert for Threat Detected.
We have several SMAs that manage web filtering across several different environments so it would be very useful to receive an email when a new threat has been detected instead of having to manually visually check each SMA.
sanju shrestha commented
Case 7126975: requesting this feature
A simple alert email notification about this event would have prevented the attack on us as we could have taken action, or even just automatically quarantine the suspect machine if the appliance detects an infected host. Not looking at the web appliance every minute, a report telling there have been infected hosts once the event has passed has no real use for us.
Anyways it’s just a suggestion for development, because if there is an element of the appliance which is picking up activity such as this (and could have done a lot more damage to us) that notification alert would be really useful.