Configure Alerting Thresholds in Cloud Console
Allow administrator to configure thresholds for alerts in cloud console. Currently I receive many alerts for non-actionable items such as when a machine reports "Real-time protection has been disabled on a computer." Even though the computer is protected, a shut down or update causes this alert and a few moments later, the protection is OK. I need to be able to adjust this trigger threshold and the same on other items such as out-of date machines, missing updates, PUA detected, etc.
Looking into possible solutions as part of the current roadmap
I do not see any settings for this. 5 years now? This should be an easy quick low hanging fruit change. I now have a rule setup for alerts to be sent to a folder and I do not even look anymore. My new alerts are the End Users calling my cell and usually at 50 at a time. It would be nice to know before the users can't work.
four years and going:(
Tom Wardrop commented
Agreed. It's a problem not just because it's annoying, but because it conditions you to ignore Sophos alerts, so when something that actually does need your attention arises, you risk missing it. A lot products have this problem. Alert spam can do much more harm than good.
How has this been under review for almost 3 years now?
What is the status on this idea?
Erich D. Weihrauch commented
I will vote for this as well.
I'm honestly shocked more people aren't actually voting for this. I'm sure they've been asking but haven't quite gotten to the site to post or vote.
This is really an essential, basic feature especially for an enterprise grade product.
All alert types need to be configurable by admins so that we can set proper thresholds that work with our organizations. The reporting between client and central cloud is often delayed, so the alerts about so and so's device not being encrypted or a service not running is seldom true, and if anything unless someone hasn't updated or restarted for several weeks to a month, I don't need a daily alert that they need to restart the moment they have updated.
Scott Epple commented
Hi Ro - great suggestion. Thanks for sharing.
I’m a new Product Manager here at Sophos, on a mission to learn as much as I can about our customers. I’d love to get 15 minutes of your time for a quick chat to hear more about your experience with Sophos Central.
If you’re up for it, please schedule a time on my calendar: https://calendly.com/scott-epple-sophos/15min
Collin Apodac commented
We need this as well. Sophos has been great at detecting threats but it does get a bit spammy.