We used to use SEC and this all worked fine. We mainly used to use Email notifications to monitor when users were plugging in USB devices, and it also used to send us an email detailing which files had been copied.
When we moved to Sophos central, it appeared it might have been lesser functionality but atleast there was some functionality but for us atleast it simply doesn't at all.
In Global Settings > Configure email Alerts we have tested just leaving it default, then we have tried custom rules with internal and external email address but Sophos never ever sends any emails.
We have tested Setting High Alert, Medium and Info from hourly, daily to Immediately and still nothing is ever sent.
If I look at a person or device I can see events are getting logged but no emails are ever generated.
If I change settings in Peripheral control such as making devices read only, or change desktop messaging these settings are all reflecting ok on the clients. Plugging a USB device in creates an Informational Event entry which should send an email ... but doesn't
Any advice, because for now its almost useless, especially if we do encounter ransom or malware and sophos system doesn't work right.
I ofc have checked things like spam folders, but tbh I have also do Mail flows on o365 and that doesn't show any emails ever arriving from Sophos.
To make this harder to resolve, in April we did actually get one email from Sophos central. We had cloned a HDD and sophos central sent a medium alert email saying "We detected a clone device". So we know emails aren't getting blocked by us, its simply sophos never sending any thing.
This thread was automatically locked due to age.