Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 1 subscriber
  • Views 10452 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Clearing Firewall events and history

SteveG

HI,

Something that I am starting to find very irritating is the fact that firewall events even after the creation of a rule do not dissapear from the console. This makes it extremely difficult to see what is current without getting lost in the detail produced by all the endpoints managed by the console.

The ability to clear events that have been delt with in the same way as we clear errors would be most helpful in a future release to make it easier to work through them.

:26817


This thread was automatically locked due to age.
  • 0

    Thanks for that.

    That does seem a very long winded method to get there though.

    From my perspective it just baffles me why we cannot clear out the firewall event alerts (such as new application detections) in the UI the same as the other "alerts and errors" which seem to happen less frequently.

    It would be nice if Sophos considered making it possible to clear all alerts from the console just as easily as the others in future.

    :26869
  • 0

    Hello SteveG,

    IIRC I have made this suggestion the first time I've encountered it in one of the Betas. 

    The difference is that these are Events, not alerts or errors. To change the behaviour would require an additional atribute (like outstanding). But it is not that simple. Assume you create a rule for one of many identical events - you probably expect that all of them are flagged as dealt with, won't you? Or just those on the results list?

    And while this is still not too complicated consider a blocked connection (which includes a specific remote address) event. So you create a rule permitting any address, or any application. Now what with those events which would not have occurred had the rules already been in place (the rule doesn't exactly match even the event from which it has been created)? Well, I don't have a good idea how to handle this although I'd welcome a solution.

    Christian

    :26871