Receive alerts when user views blocked or warned website.

Is there away to enable alerts to trigger when someone attempts to view a blocked or warned website in Sophos Central.

  • Hello  

    Sorry, but no. Alerts are a smaller subset of all Events that get reported back into Central Admin. Only Events that are outstanding/ require administrator action will become an Alert. An exception to this rule is 'Missing Services' Events. This type of outstanding event, currently will *not* be subsequently triggered as an alert (since ~July 2018). The events for missing services are still recorded in Central. Events that are resolved automatically are not shown. To view all events such as events from Web Control, go to Logs & Reports > Events.

  • You can connect Sophos Central to your SIEM via syslog - the events tagged "Event::Endpoint::WebControlViolation" will have the information that you need.  

    You can learn how to integrate to your SIEM here:  https://community.sophos.com/kb/en-us/125339

    You can see other event types here:  https://community.sophos.com/kb/en-us/132727