Apologies if this has already been answered, but I couldn't find an answer on here.
We are a partner and have partner portal access to all our customers - great.
However, we aren't getting alerts for high severity events so far. An example is ransomware being blocked. Now I know by design we shouldn't get an alert because Sophos has dealt with it on the endpoint, but is there a way of changing that behaviour so that if a high severity event is generated, regardless of it being automatically dealt with or not, we can be emailed?
We want to monitor the events, but as a partner going into each customer's central portal manually is a nightmare, plus being proactive helps our customers even if it's been dealt with.
I looked in Global Settings, Email alerts for each customer; we've added our email address, but there doesn't seem to be a way to override the behaviour and say send ALL high severity alerts.
Appreciate in advance any advice given.
If you wish to receive email notifications whenever a high alert/event is generated, I suggest using the SIEM Integration API. This will allow you to set up triggers for any event or alert from Sophos Central.
The following Recommended Read article also provides a good starting point: PUA Alerts Handling with SIEM Events API
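The trigger logic a partner could run over events pulled through the SIEM Integration API, shown as an added example that is not part of the reply above or Sophos code. It works offline on constructed sample events; the field names (`id`, `customer_id`, `severity`, `type`, `name`, `location`, `when`) and severity values are assumptions to check against the real API response.

```python
import json
from collections import defaultdict
from email.message import EmailMessage

# Constructed sample: events as a poller might collect them across several customers.
# Field names and values are assumptions for illustration, not captured API output.
SAMPLE_EVENTS = json.loads("""[
 {"id": "e-001", "customer_id": "tenant-a", "severity": "high", "type": "Event::Endpoint::Threat::Detected", "name": "Ransomware blocked (constructed)", "location": "PC-01", "when": "2024-01-10T09:15:00Z"},
 {"id": "e-002", "customer_id": "tenant-a", "severity": "low", "type": "Event::Endpoint::UpdateSuccess", "name": "Update succeeded (constructed)", "location": "PC-02", "when": "2024-01-10T09:20:00Z"},
 {"id": "e-003", "customer_id": "tenant-b", "severity": "critical", "type": "Event::Endpoint::Threat::Detected", "name": "Malware cleaned up (constructed)", "location": "SRV-01", "when": "2024-01-10T09:30:00Z"},
 {"id": "e-001", "customer_id": "tenant-a", "severity": "high", "type": "Event::Endpoint::Threat::Detected", "name": "Ransomware blocked (constructed)", "location": "PC-01", "when": "2024-01-10T09:15:00Z"}
]""")

ALERT_SEVERITIES = {"high", "critical"}  # assumed severity labels

def select_high_severity(events, seen_ids):
    """Group not-yet-reported high severity events by customer.
    Remediation status is deliberately ignored, so events that were
    blocked or cleaned up automatically are still reported."""
    by_tenant = defaultdict(list)
    for ev in events:
        sev = str(ev.get("severity", "")).lower()
        ev_id = ev.get("id")
        if sev not in ALERT_SEVERITIES or ev_id is None or ev_id in seen_ids:
            continue  # wrong severity, malformed, or already emailed
        seen_ids.add(ev_id)
        by_tenant[ev.get("customer_id", "unknown")].append(ev)
    return dict(by_tenant)

def build_digest(by_tenant, sender, recipient):
    """Build one email covering all customers, or None when there is nothing new."""
    if not by_tenant:
        return None
    total = sum(len(evs) for evs in by_tenant.values())
    msg = EmailMessage()
    msg["Subject"] = f"{total} high severity event(s) across {len(by_tenant)} customer(s)"
    msg["From"] = sender
    msg["To"] = recipient
    lines = []
    for tenant in sorted(by_tenant):
        lines.append(f"Customer {tenant}:")
        for ev in sorted(by_tenant[tenant], key=lambda e: e.get("when", "")):
            lines.append(f"  {ev.get('when')}  {ev.get('severity')}  {ev.get('location')}  {ev.get('name')}")
    msg.set_content("\n".join(lines))
    return msg

if __name__ == "__main__":
    digest = build_digest(select_high_severity(SAMPLE_EVENTS, set()), "soc@example.com", "alerts@example.com")
    print(digest)
```

Persist `seen_ids` between polling runs so repeated polls do not re-send the same event, and hand the returned message to `smtplib.SMTP.send_message` to deliver it.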