This discussion has been locked.

Mail Alerting in Sophos Central?

How can I set up forwarding of Intercept X alerts to an admin mail account?

I can't find any settings in the policy or Sophos Central.



  • Intercept X Exploit detection and CryptoGuard events that result in the malware being terminated will generate events. The information that gets forwarded to admins is alerts. The key difference is that an Event does not require admin action, whereas an Alert does. Events at this time do not get forwarded to admin accounts, as the number of events generated even in relatively small deployments can be very frequent. Examples include a user browsing to a known malicious site, a ransom attack thwarted, or a malware download prevented. All of these are block events where the problem has been resolved. Alerts include things like a reboot required to complete the removal of malware, or devices out of compliance with policy.

    I will pass on to our User Experience Design team the desire to have an option to get an email notification on events. I suspect such notification controls should allow the admin to identify the types of events they want to get emailed about, and perhaps the ability to set this as a daily notification with a summary of such events over the last period of time.

    Also, we are looking at generating ALERTS for HIGH priority Incident reports (RCA Threat Analysis). We determine the priority of an RCA incident report by looking at the nature of the event detected, the inclusion and number of productivity documents that may have been involved, and some other factors. When we generate a HIGH priority RCA incident, the expectation is that an admin should investigate and review the artifacts and visualize information to determine if more actions are warranted. All of this will become easier over the next several months as we add more features to the Root Cause Analysis section where admins review incidents.