Sophos Ideas / Endpoint Protection

Endpoint Protection

Suggest, discuss, and vote on new ideas for Sophos Endpoint Protection. Comprehensive security for users and data

Suggest an Idea...

← Endpoint Protection

Configure Alerting Thresholds in Cloud Console

Allow administrator to configure thresholds for alerts in cloud console. Currently I receive many alerts for non-actionable items such as when a machine reports "Real-time protection has been disabled on a computer." Even though the computer is protected, a shut down or update causes this alert and a few moments later, the protection is OK. I need to be able to adjust this trigger threshold and the same on other items such as out-of date machines, missing updates, PUA detected, etc.

35 votes

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close

We’ll send you updates on this idea

Ro shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

8 comments

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • John commented  ·   ·  Flag as inappropriate

    I do not see any settings for this. 5 years now? This should be an easy quick low hanging fruit change. I now have a rule setup for alerts to be sent to a folder and I do not even look anymore. My new alerts are the End Users calling my cell and usually at 50 at a time. It would be nice to know before the users can't work.

  • Tom Wardrop commented  ·   ·  Flag as inappropriate

    Agreed. It's a problem not just because it's annoying, but because it conditions you to ignore Sophos alerts, so when something that actually does need your attention arises, you risk missing it. A lot products have this problem. Alert spam can do much more harm than good.

  • Erich D. Weihrauch commented  ·   ·  Flag as inappropriate

    I will vote for this as well.

    I'm honestly shocked more people aren't actually voting for this. I'm sure they've been asking but haven't quite gotten to the site to post or vote.

    This is really an essential, basic feature especially for an enterprise grade product.

    All alert types need to be configurable by admins so that we can set proper thresholds that work with our organizations. The reporting between client and central cloud is often delayed, so the alerts about so and so's device not being encrypted or a service not running is seldom true, and if anything unless someone hasn't updated or restarted for several weeks to a month, I don't need a daily alert that they need to restart the moment they have updated.

  • Scott Epple commented  ·   ·  Flag as inappropriate

    Hi Ro - great suggestion. Thanks for sharing.

    I’m a new Product Manager here at Sophos, on a mission to learn as much as I can about our customers. I’d love to get 15 minutes of your time for a quick chat to hear more about your experience with Sophos Central.

    If you’re up for it, please schedule a time on my calendar: https://calendly.com/scott-epple-sophos/15min

    Thanks,
    Scott

Endpoint Protection: Cloud Console

Categories

Feedback and Knowledge Base

(thinking…)
icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.