Who at sophos had the bright idea to add an alert to EVERY Central account that has to be acknowledged one-by one?
Does he or she think we don't have enough to do already other than clear alerts that aren't really alerts?
Hello James, Thank you for reaching us, With regards to this acknowledgment of alerts, this is designed to our Sophos central to ensure that any customers won't be acknowledging/allowing any potential…
Hello James, Thank you for reaching us, With regards to this acknowledgment of alerts, this is designed to our Sophos central to ensure that any customers won't be acknowledging/allowing any potential threat that has been detected on any systems which are currently managed by our Central dashboard. We know that it’ll take time especially when there are multiple alerts on a single system that have been detected however Ensuring the safety of each device and your environment is the goal of this feature. For those alerts that you're seeing which isn’t really relevant to be called an alert, we may be able to do something about it like excluding them from your policy to avoid getting them in the future. In addition, said changes have been described in this article, In parallel, we'll be checking this one with our internal team about the alert being generated by this change,
So I would like to chime in here. Yes some of these alerts can be annoying, and it is not the only one. One of my favorites it the alert I get when someone DISCONNECTS from a USER VPN connection (and of course I also get an alert when they connect as well...but disconnect...cmon). I could see this for a site to site that goes down, but not a USER VPN connection. And there is a Notification setting to control that, but it seems that Sophos is ignoring its own settings...I previously opened a support ticket about this very thing and that issue was never resolved. Put in a control, but don't use it...yea that helps. And there are others but, that is not what this particular issue is about.
But in the case of this specific alert regarding new IP Addresses:
1. This does not apply to me or my customers as I don't use Sophos' email filtering, so you think Sophos could check before sending an alert like this.2. The alert has no link which refers to the IP address or to the article mentioned above. So one has to start searching around in the community or contact support to find out what the hell this is in reference to.
All highly inefficient and time consuming. We MSPs have enough to do.
There are some things that Sophos does that doesn't seem to be too well thought out.