Mail alert Virus detection

Simple question but I cannot find the setting in Central:

Where can I enable mail notification for virus found on endpoint?

Currently Sophos Central is sending mails mostly for things we don't care about. If malware is found: total silence, not even a notification on the dashboard.

We have mail notifications enabled for warnings and critical.



[edited by: Gladys at 7:06 AM (GMT -8) on 30 Dec 2022]
  • Hi LHerzog,

    Regarding the options shown on this page, you can find further details here.

    The following example gives some good insight into this as well.

    • For example, if 5 endpoints in a customer account trigger an alert of the same type and the frequency setting is set to Daily, only the first alert generated for each endpoint will be sent in that 24-hour span. Any subsequent alerts of the same type will not trigger additional alert emails until that 24-hour period has elapsed. 

    Not all events will generate an alert. Regarding malware detection events specifically, if the detected items are cleaned up automatically, an alert will not be generated as no action is required. If cleanup fails or if user intervention is required, you will receive an alert.

    You can use APIs to generate an email based on the events generated in Sophos Central, which may work. The following recommended read article was created specifically for PUA detections, but can be modified for threat detections.
    - PUA Alerts Handling with SIEM Events API

    Otherwise, you may want to raise a feature request for an option to be made available wherein all threat detections will generate an email alert. 

    Kushal Lakhan
    Team Lead, Global Community Support
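As an added example of the approach the answer points to (this is not the Sophos article's code and not a Sophos tool), the script below pulls events from the Sophos Central SIEM Events API, keeps only the threat-detection event types, and mails them as a digest. It also implements the per-endpoint, per-type suppression window the answer describes for the "Daily" frequency: `ALERT_WINDOW_S=86400` reproduces one alert per endpoint and event type per 24 hours, while the default `0` forwards every detection, which is what the question asks for. A small state file keeps the API cursor and the suppression state so each scheduled run continues where the previous one stopped. The token and whoami URLs, the `X-Tenant-ID` header, the event field names (`type`, `when`, `endpoint_id`, `location`, `severity`, `name`) and the `Event::Endpoint::Threat::*` type strings are assumptions to check against a raw dump of your own tenant's feed; the sample events are constructed for the offline demo.

```python
"""Poll the Sophos Central SIEM Events API for threat detections and e-mail a digest.
Added example; the URLs, event field names and event type strings are assumptions (see comments)."""
import json, os, smtplib, time, urllib.parse, urllib.request
from datetime import datetime, timezone
from email.message import EmailMessage

TOKEN_URL = "https://id.sophos.com/api/v2/oauth2/token"   # assumed
WHOAMI_URL = "https://api.central.sophos.com/whoami/v1"    # assumed
STATE_FILE = "sophos_siem_state.json"                      # cursor + suppression state between runs
THREAT_TYPES = {"Event::Endpoint::Threat::Detected", "Event::Endpoint::Threat::CleanedUp",   # assumed
                "Event::Endpoint::Threat::CleanupFailed", "Event::Endpoint::Threat::PuaDetected"}

def _ev(i, typ, when, host, name, sev="high"):  # constructed sample event; field names are assumed
    return {"id": str(i), "type": typ, "when": when, "endpoint_id": f"ep-{host}",
            "location": host, "severity": sev, "name": name}

SAMPLE_EVENTS = [  # used when no credentials are set; event 3 repeats event 1's type within 24 h
    _ev(1, "Event::Endpoint::Threat::Detected", "2022-12-30T10:00:00.000Z", "pc1", "Troj/Agent-ABC"),
    _ev(2, "Event::Endpoint::Threat::CleanedUp", "2022-12-30T10:00:05.000Z", "pc1", "Troj/Agent-ABC", "low"),
    _ev(3, "Event::Endpoint::Threat::Detected", "2022-12-30T11:00:00.000Z", "pc1", "Mal/Generic-S"),
    _ev(4, "Event::Endpoint::UpdateSuccess", "2022-12-30T11:30:00.000Z", "pc2", "Update succeeded", "low"),
    _ev(5, "Event::Endpoint::Threat::Detected", "2022-12-31T10:30:00Z", "pc1", "Troj/Agent-ABC"),
]

def _get_json(url, headers, data=None):
    with urllib.request.urlopen(urllib.request.Request(url, data=data, headers=headers), timeout=30) as r:
        return json.load(r)

def get_token(client_id, client_secret):  # OAuth2 client-credentials grant for a Central API credential
    form = urllib.parse.urlencode({"grant_type": "client_credentials", "scope": "token",
                                   "client_id": client_id, "client_secret": client_secret}).encode()
    return _get_json(TOKEN_URL, {"Content-Type": "application/x-www-form-urlencoded"}, form)["access_token"]

def whoami(token):  # returns (tenant id, data-region API host); the SIEM endpoint lives on that host
    info = _get_json(WHOAMI_URL, {"Authorization": f"Bearer {token}"})
    return info["id"], info["apiHosts"]["dataRegion"]

def fetch_events(api_host, token, tenant_id, cursor=None, from_date=None):
    """Return (events, next_cursor), following the cursor while has_more is set."""
    headers = {"Authorization": f"Bearer {token}", "X-Tenant-ID": tenant_id}
    events = []
    while True:
        params = {"limit": 1000, "cursor": cursor} if cursor else {"limit": 1000, "from_date": int(from_date)}
        page = _get_json(f"{api_host}/siem/v1/events?{urllib.parse.urlencode(params)}", headers)
        events.extend(page.get("items", []))
        cursor = page.get("next_cursor", cursor)
        if not page.get("has_more"):
            return events, cursor

def _to_epoch(when):  # ISO-8601 UTC 'when' timestamp, fractional seconds optional
    base = when.rstrip("Z")
    ts = datetime.strptime(base if "." in base else base + ".0", "%Y-%m-%dT%H:%M:%S.%f")
    return ts.replace(tzinfo=timezone.utc).timestamp()

def select_threat_events(events, seen, window_s=86400):
    """Keep threat events; drop repeats of the same endpoint+type inside window_s (86400 mirrors the
    'Daily' frequency described above, 0 forwards every detection). `seen` is updated in place."""
    picked = []
    for ev in events:
        if ev.get("type") not in THREAT_TYPES:
            continue
        when, key = _to_epoch(ev["when"]), f"{ev.get('endpoint_id')}|{ev['type']}"
        if window_s and key in seen and when - seen[key] < window_s:
            continue
        seen[key] = when
        picked.append(ev)
    return picked

def format_alert(events):
    """Build (subject, body): one line per event, cleanup failures listed first."""
    order = sorted(events, key=lambda e: e["type"] != "Event::Endpoint::Threat::CleanupFailed")
    lines = [f"{e['when']}  {e.get('severity', '?'):<6}  {e.get('location', '?')}  "
             f"{e['type'].rsplit('::', 1)[-1]}  {e.get('name', '')}" for e in order]
    return f"[Sophos Central] {len(events)} threat event(s)", "\n".join(lines)

def send_mail(subject, body):
    msg = EmailMessage()
    msg["Subject"], msg["From"], msg["To"] = subject, os.environ["MAIL_FROM"], os.environ["MAIL_TO"]
    msg.set_content(body)
    with smtplib.SMTP(os.environ.get("SMTP_HOST", "localhost")) as smtp:
        smtp.send_message(msg)

def main():
    cid, secret = os.environ.get("SOPHOS_CLIENT_ID"), os.environ.get("SOPHOS_CLIENT_SECRET")
    if not (cid and secret):  # offline: show the selection over the constructed sample
        print(*format_alert(select_threat_events(SAMPLE_EVENTS, {})), sep="\n")
        return
    token = get_token(cid, secret)
    tenant_id, api_host = whoami(token)
    state = json.load(open(STATE_FILE)) if os.path.exists(STATE_FILE) else {}
    events, cursor = fetch_events(api_host, token, tenant_id, state.get("cursor"), time.time() - 3600)
    picked = select_threat_events(events, state.setdefault("seen", {}), int(os.environ.get("ALERT_WINDOW_S", "0")))
    if picked:
        send_mail(*format_alert(picked))
    with open(STATE_FILE, "w") as fh:  # persist cursor and suppression state for the next run
        json.dump({"cursor": cursor, "seen": state["seen"]}, fh)

if __name__ == "__main__":
    main()
```

Run it without credentials and it prints the digest for the constructed sample (events 1, 2 and 5 pass the 24-hour window; event 3 is suppressed as a repeat and event 4 is not a threat type). With `SOPHOS_CLIENT_ID`, `SOPHOS_CLIENT_SECRET`, `MAIL_FROM` and `MAIL_TO` set, schedule it every few minutes; because `CleanupFailed` events are listed first and every `Detected` event is forwarded when `ALERT_WINDOW_S` is 0, a machine that keeps tripping detections all day shows up in every run rather than once.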
  • So if someone is downloading malware all day, or an undetected trojan loads malware that is detected by Endpoint, you will never know.

    Well, that is something of a bad feature.

    Of course, my opinion is that this should work out of the product - admins should be able to decide if they want such mail or not. Strange approach to try that with an external request via the API.

    That Alert dashboard completely hides malware detections.

    Most of it is completely useless alerts (especially the RED alerts) or alerts that have self-healed just after they appeared.