Disable Mail Notification only for Third-Party Active Threat Response

Question

Hello Sophos Community, 
 Recently, I added some IP blocklists to the new V21 Third-Party Threat Feed feature. Some blocklists include a significant amount of content, which means it&rsquo;s highly likely that flagged destination IP addresses will appear in the threat feed. As a result, I&rsquo;m now receiving a large number of email notifications indicating that a threat has been detected. 
 I would like to continue receiving email notifications for default Sophos Active Threat Response events (Sophos X-Ops & MDR), but notifications for Third-Party Threat Feed events are not necessary for me. Is it possible to separate these notifications or manage them in a more granular way? 
 At the moment, it seems like everything is grouped together&mdash;MDR, Sophos X-Ops, and Third-Party Threat Feed 
 Does anyone have any ideas on how I can address this? 
 Thanks for your help!

Vishal_R · Answer

Hi Speedfish Thank you for reaching out to the Sophos community team. Based on shared details it seems you are looking for a separate checkbox for Email notification for 3rd party thread feed. Unfortunately on the GUI as of now no such settings or options are there to define it separately and it applies to all 3 [MDR, Sophos X-Ops, and Third-Party Threat Feed] in terms of Email alerts. You can submit your Feature Request using the in-product feedback in the Sophos Firewall, located in the Top Menu Bar. You can also log a support case to raise a feature request which you can track it later with your channel account manager/local sales representative or TAM.

Disable Mail Notification only for Third-Party Active Threat Response

Top Replies