Simple question but I cannot find the setting in Central:
Where can I enable mail notification for virus found on endpoint?
Currently Sophos Central is sending mails mostly for things we don't care about. If malware was found - total silence, not even a notification on dashboard.
We have mail notifications enabled for warnings and critical.
Hi LHerzog,
Regarding the options shown on this page, you can find further details here.
The following example gives some good insight into this as well.
Not all events will generate an alert. Regarding malware detection events specifically, if the detected items are cleaned up automatically, an alert will not be generated as no action is required. If cleanup fails or if user intervention is required, you will receive an alert.
You can use API's to generate an email based on the events generated in Sophos Central which may work. The following recommended read article was created specific to PUA detections, but can be modified for threat detections.
- PUA Alerts Handling with SIEM Events API
Otherwise, you may want to raise a feature request for an option to be made available wherein all threat detections will generate an email alert.
So if one is downloading malware all day or an undetected trojan does load malware that is detected by Endpoint, you will never know.
Well, that is something of a bad feature.
Of course, my opinion is that this should work out of the product - admins should be able to decide if they want such mail or not. Strange approach to try that with external request via API.
That Alert dashboard completely hides malware detections.
Most of it is completely useless alerts (especially the RED alerts) or alerts that have self-healed just after they appeared.
