More detailed information in logs, reports
I have several items that would make Sophos Email gateway more useful.
1. A detailed report showing what Sandstorm actually caught. From an admin's point of view just knowing something happened is not useful. If I had an idea of where a message came from and why it tripped Sandstorm, I could possibly make adjustments to protect us better in the future.
2. A clear reason on the summary page on why a message was deleted or quarantined would be helpful. While you can usually figure it out in the message source information, that is not very time efficient. It would be nice to know if it was blocked due to IP reputation, virus, etc.
3. It would be helpful if you could pull the details in the reports. For instance, if you filtered down to viruses, it would be helpful to click on that and get the details for the date range on which emails were caught with viruses, etc.
This would be wonderful. Currently there are key pieces of information missing.
I'd like to see all of the detail also encapsulated in the SIEM API as well.