This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Email Notifications for Different Alerts to Different Groups - Not Possible?

When malware or a virus is discovered, I want all the members of a particular group emailed.

When a computer is out of date or has a policy apply problem, ie a yellow alert type of item, I want the members of another group emailed.

When someone tries to go to a site they're not allowed as per policy, I want the members of a 3rd group emailed.

I was checking around and I could have sworn I read a few comments saying that this isn't possible to setup. I poke around in my Sophos Central config area and couldn't figure out how to do it.

I absolutely cannot believe that Sophos will tell me - with a straight face - that I can't do this on my Enterprise level antivirus product that I'm spending thousands of dollars a year on.

Please, someone, anyone, prove me wrong and tell me how to change my notification emails.



This thread was automatically locked due to age.
Parents
  • I just recently sent our Sophos representative an email about this very thing! Extremely frustrating that this product doesn't have the simple choice of choosing different notification types per role. I also mentioned that reasons such as this is why when our renewal is up, we'll be looking very strongly at SentinelOne as a replacement. 

  • Yeah, we are also looking into an alternative when our Sophos renewal is up. This product just has too many stupid things going on with it that drive me and my fellow sysadmins nuts. The email issue we've all learned to work with by using filtering, but is still is embarrassing when the CTO gets a HIGH ALERT email from Sophos that is actually just something completely benign. My favorite benign alert is when it sends out the equivalent of a OH MY GOD A COMPUTER IS UNPROTECTED email, which 100% of the time are false alerts triggered by the fact that the client has received an update to the Sophos software, and for the split second the previous Sophos version is removed and the new one starts up, OH MY GOD THAT COMPUTER IS UNPROTECTED!

    Then I get a call from my boss asking about the Sophos alert. I used to be protective of Sophos, tell them yeah, it's the way the software works, I'm asking them to make changes to that false positive, etc. Now I tell my boss how much I hate it too and about how much I'm looking forward to finding a new vendor that has their crap together.

    Other fun things about Sophos that I despise:

    • Constant ignoring of my SLA. I've posted several forum threads about this in the past. I don't even bother using anything but a Severity 1 The Entire System is Down and We Are All Being Crypto-ransomed alert when making any tech support requests, otherwise my request gets the form letter back and then ignored.
    • The admin console looks attractive, but items needing action are buried under menu and sub menu, many of which don't make sense and confuse me to this day after using it regularly a few times a week for a couple of years now.
    • If you offered me $1000 I could not accurately explain the difference between my Sophos Central account, my Sophos MySophos account, my Sophos MyUTM account, and whatever the other place is that I log into to check on on my tech support problems. All I know is that I need 4 bookmarks and 4 different logins and I have to check each of them. It's a cruel joke.
    • The Policy Violators screen is hilariously useless. Looking at it now, I can clearly see that one of the busiest and most stand up people in the company has 207 visits to Adult / Sexually Explicit web sites, absolutely every one of them is a false positive because I work right next to that user and have checked their browsing history and there is absolutely nothing Adult about any of their browsing history. The guy has a desktop and his browser history literally doesn't even have a single visit to his personal mail account or a place to check the weather, let alone surfing porn. It's actually a joke between the two of us, "Oh look Sam, you've been viewing those bad sites again according to Sophos!". There's no way to dig down in Policy Violators or other areas of Sophos, you just get this list of people who have violations without any way to figure out what triggered them. I have 20 users, all of them with 150+ Policy Violations, and absolutely none of them have anything in their browsing history that corresponds to an actual positive, they're all false positives.
    • When you click on a virus or PUA alert, more often than not it takes you to a Search Results page on the Sophos.com web page that has no results. I don't even bother clicking on the virus name that it found because it rarely if ever provides me with any detailed information about what it thinks it found. I'm not exactly digging around on the dark web finding brand new never seen before viruses, every one of the alerts I get are the standard things that I see over and over again yet Sophos apparently has absolutely no information about it. A google search for the virus name brings up more information about it than sophos.com can provide me.

    Anyway, the more I write this, the more I'm convinced that Sophos just isn't the product for me. It's not like every month there's added features or the Dashboard is changed to reflect my complaints, it's just always more of the same without any changes being pushed through.

Reply
  • Yeah, we are also looking into an alternative when our Sophos renewal is up. This product just has too many stupid things going on with it that drive me and my fellow sysadmins nuts. The email issue we've all learned to work with by using filtering, but is still is embarrassing when the CTO gets a HIGH ALERT email from Sophos that is actually just something completely benign. My favorite benign alert is when it sends out the equivalent of a OH MY GOD A COMPUTER IS UNPROTECTED email, which 100% of the time are false alerts triggered by the fact that the client has received an update to the Sophos software, and for the split second the previous Sophos version is removed and the new one starts up, OH MY GOD THAT COMPUTER IS UNPROTECTED!

    Then I get a call from my boss asking about the Sophos alert. I used to be protective of Sophos, tell them yeah, it's the way the software works, I'm asking them to make changes to that false positive, etc. Now I tell my boss how much I hate it too and about how much I'm looking forward to finding a new vendor that has their crap together.

    Other fun things about Sophos that I despise:

    • Constant ignoring of my SLA. I've posted several forum threads about this in the past. I don't even bother using anything but a Severity 1 The Entire System is Down and We Are All Being Crypto-ransomed alert when making any tech support requests, otherwise my request gets the form letter back and then ignored.
    • The admin console looks attractive, but items needing action are buried under menu and sub menu, many of which don't make sense and confuse me to this day after using it regularly a few times a week for a couple of years now.
    • If you offered me $1000 I could not accurately explain the difference between my Sophos Central account, my Sophos MySophos account, my Sophos MyUTM account, and whatever the other place is that I log into to check on on my tech support problems. All I know is that I need 4 bookmarks and 4 different logins and I have to check each of them. It's a cruel joke.
    • The Policy Violators screen is hilariously useless. Looking at it now, I can clearly see that one of the busiest and most stand up people in the company has 207 visits to Adult / Sexually Explicit web sites, absolutely every one of them is a false positive because I work right next to that user and have checked their browsing history and there is absolutely nothing Adult about any of their browsing history. The guy has a desktop and his browser history literally doesn't even have a single visit to his personal mail account or a place to check the weather, let alone surfing porn. It's actually a joke between the two of us, "Oh look Sam, you've been viewing those bad sites again according to Sophos!". There's no way to dig down in Policy Violators or other areas of Sophos, you just get this list of people who have violations without any way to figure out what triggered them. I have 20 users, all of them with 150+ Policy Violations, and absolutely none of them have anything in their browsing history that corresponds to an actual positive, they're all false positives.
    • When you click on a virus or PUA alert, more often than not it takes you to a Search Results page on the Sophos.com web page that has no results. I don't even bother clicking on the virus name that it found because it rarely if ever provides me with any detailed information about what it thinks it found. I'm not exactly digging around on the dark web finding brand new never seen before viruses, every one of the alerts I get are the standard things that I see over and over again yet Sophos apparently has absolutely no information about it. A google search for the virus name brings up more information about it than sophos.com can provide me.

    Anyway, the more I write this, the more I'm convinced that Sophos just isn't the product for me. It's not like every month there's added features or the Dashboard is changed to reflect my complaints, it's just always more of the same without any changes being pushed through.

Children
  • Feeling like we are in the same boat with a lot of what you said. We just recently switched to the Central product last week after using SEC until that time. The idea of more simplistic deployments and newer interface with better reporting at no additional cost sounded very attractive, no brainer. We also were told many things that turned out to be false.

    • Our support engineer mentioned that the transition would be easy, simple, and all of the groups and settings would be transferred to the Cloud (from SEC). This could not be further from the truth. He forgot that I had mentioned that 99.99% of our deployment was macOS (even though he recorded the call and could reference it at any point), all of those cool things that he described, NOT APPLICABLE for the macOS client - only for Windows-based endpoints.
    • He sent me a "how's it doing" email, I've since sent two responses basically detailing where we are in the transition - silence. Nothing. He must be too busy selling Sophos Central to all of his clients.
    • We consistently get the "Failed to protect computer" messages, where only a few services are loaded.
    • I attempted to install Sophos on my Windows-based computer to check out the Intercept-X features. After many failed installation attempts and reboots later - I gave up. I even manually removed registry keys to make it very clean based on another response on the community. Still failed. Before this message, I just reinstalled TrendMicro and it worked the first time. No reboot needed.
    • Email problem already outlined in our previous posts, can't believe that made it past quality control. What if people don't want to get notifications? What do you mean my supervisor has to get a "OMFGZ YOU GOT H@XED" alert while it found something on a flash drive it can't get rid of?
    • Notification in the community last week that having a local cache server might inhibit the installation on macOS endpoints, are you freaking kidding me? Removed cache server and still get failed installs.

    After all of this, I simply couldn't recommend this product to anybody, unless they are a glutton for punishment.