Sophos XG too many Notification IPS and Malware over Mail

Hello,

I am receiving many notifications like

Message:
BROWSER-IE Microsoft Internet Explorer XSS filter bypass attempt

Mostly when I look it up, it has something to do with some kind of advertisement API from Google or other cloud services. (There are other message types too.)

Now with 60 users my mailbox gets very full in no time, sometimes about 300 notifications in one minute.

First of all, these notifications are not helping much; if I get them, it's probably blocked anyway, right? And if I want to check it, I would at least need an IP address or computer name of whoever is causing the trouble; after that I would look up what they were doing. So basically I could spare some work time if this information were already in the e-mail.

An option to group the mails would be nice too, like if there are 200 mails of the same source/alert type, only one will be sent in the next 5 seconds?

Adding notification exceptions would also be nice, like don't send, or group per minute, for a specific alert message. (For example, the one above is for Internet Explorer; nobody uses that here anymore, but the IPS scans for all browser types, sadly.)

  • I vote this one up.

    Mail notifications of XG/S are something we WANT, but it is a pain that Sophos does not limit mailing for the same events. This has been possible on SG / UTM though.

    So please implement something for the admin to limit mail notifications for the same events to, let's say, 5 per minute and make the value adjustable.

    And if you may modify mail notifications, please finally bring the source IP into that mail. Without this information the mails are just spammy.

    Also I noticed a lot more IPS detections in v19.0.1 compared to 18.5.4. -> even more mails in my inbox.

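The grouping the original post asks for (one mail per source/alert type instead of 200) and the adjustable cap the reply proposes (5 per minute, with the source IP in the mail) can be prototyped outside the firewall by post-processing its alert feed. Added example, not part of this thread or of any Sophos product: a per-(source IP, signature) sliding-window limiter run over constructed alert records; the `Alert` fields, the class name and the 10.0.0.x addresses are assumptions, only the signature text is taken from the post.

```python
from collections import defaultdict
from dataclasses import dataclass

# Signature text quoted from the original post; everything else is constructed.
SIG = "BROWSER-IE Microsoft Internet Explorer XSS filter bypass attempt"


@dataclass(frozen=True)
class Alert:
    ts: float        # epoch seconds (assumed field, not a Sophos log field)
    src_ip: str      # the source address the posters want in the mail
    signature: str   # IPS signature name


class NotificationLimiter:
    """Send at most `limit` mails per `window` seconds for each
    (source IP, signature) key; alerts above the cap are counted and
    reported once in the next mail that does go out."""

    def __init__(self, limit: int = 5, window: float = 60.0):
        self.limit, self.window = limit, window
        self.sent = defaultdict(list)        # key -> timestamps of mails sent
        self.suppressed = defaultdict(int)   # key -> alerts folded since last mail

    def process(self, alert: Alert):
        key = (alert.src_ip, alert.signature)
        # Keep only send timestamps that still fall inside the sliding window.
        recent = [t for t in self.sent[key] if alert.ts - t < self.window]
        self.sent[key] = recent
        if len(recent) < self.limit:
            recent.append(alert.ts)
            extra = self.suppressed.pop(key, 0)
            suffix = f" (+{extra} suppressed)" if extra else ""
            return f"[IPS] {alert.signature} from {alert.src_ip}{suffix}"
        self.suppressed[key] += 1   # over the cap: fold into the next summary
        return None


def run_sample():
    """Constructed feed: 200 hits from one client in 20 s, one hit from a
    second client, then one late repeat from the first client after the
    window has expired. Returns the mails that would actually be sent."""
    alerts = [Alert(i * 0.1, "10.0.0.7", SIG) for i in range(200)]
    alerts.append(Alert(5.0, "10.0.0.9", SIG))
    alerts.append(Alert(70.0, "10.0.0.7", SIG))
    limiter = NotificationLimiter(limit=5, window=60.0)
    mails = []
    for alert in sorted(alerts, key=lambda a: a.ts):
        mail = limiter.process(alert)
        if mail:
            mails.append(mail)
    return mails
```

With these inputs the 202 alerts collapse to 7 mails: five for the noisy client, one for the second client, and one delayed mail that carries the 195 suppressed count.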