Alerts are not customiziable and need major upgrades.
Clearing alerts, It would be best if I don't have to manually select all 500 alerts and acknowledge them. What would be better would be a section for me to select what categories to be alerted. I seriously don't care if a reboot is required after a software update. The computer will restart when it restarts. At this point the alerts are useless to me. Another idea would be the next time the computer scans and doesn't find a threat or issue, that the alert gets cleared. It's a lot of manual labor...
“Grouping” functionality has been added to the alerts page, along with other filters.
Wil Burns commented
Enterprise environment that gets 400+ alerts a day. 300 of which I really dont care about. I cant even begin to count the number of alerts for Out of Policy Compliance on Policies that are NOT in use.
One of the features that sold us on Central was the automation that it has. So far, that automation (outside of Sync Security) is non existent. API is useless, no way to auto assign servers to server groups, etc.
Its almost easier to forego Central alerting and use Splunk.
Could not agree more. I have 119 alerts for "PC requires a reboot".
All computers in my domain reboot every Sunday morning.
I could NOT be bothered clicking 119 times just to acknowledge something that will just come back next time there's an update anyway
The title of this idea doesn't clearly reflect the description. The description looks similar to this idea:
Would be nice to combine voting for this. (to attract Sophos attention).
I completely agree that this is a critical feature which is missing.
Agreed. In larger environments a lot of alerts are generated for multiple reasons. A multi select to acknowledge would be great.