SMTP Email Alerts from Client machines

Hi Everyone,

I don't know if anyone else has noticed this, but all client-based alerts tend to come from the client machine via SMTP traffic.

While I understand the design to a degree, I think this option should be configurable to allow for these alerts to also come from the endpoint solution.

My company is currently trying to lock down traffic and with the current configuration of Sophos alerts we have to keep SMTP traffic open for all client machines.

If there were an option to have the Endpoint Server send the email alerts, we could improve our company's security.

Thoughts?

How can we have Sophos make this change?

Thanks,

Matt



This thread was automatically locked due to age.
  • Hello Matt,

    IIRC the email alerts predate SEC and IMO are of limited use (they really make sense only if you get just a few of them during the day). There are other ways to "call for action" - first the console itself which will show "persistent" alerts only - i.e. those detections which haven't been satisfactorily dealt with on the client (note that you might get an email alert for a threat which is subsequently cleaned up on the client). If you want (semi-)automated responses SNMP is probably the better choice. "Outside" Sophos you could also forward the Windows events. Furthermore sending an email for every alert might cause performance problems on the management server.

    Christian
