
Sophos Central Alerts disappear after acknowledgement?

[Is there really no Sophos Central User Forum? Just an API forum?]

When you click to Acknowledge an Alert on Sophos Central (SC) for a Firewall that's being managed by SC, it disappears and there appears to be no way to retrieve it. The best I can do is to find an entry in Admin logs saying that I acknowledged it. Am I missing something?

This is critically important for things like debugging. For example, it's not unusual to get an Alert that the Gateway went down and then came back up. So I Acknowledged them. Then figured out that this may have caused a long-running bug I'm working with Sophos Support on. OK, I can just go back and find when the GW went down to see if the bug started then... oops, can't find the Alerts anymore.



This thread was automatically locked due to age.
  • there is

    about your question: yes, I stumbled over that multiple times. Either we both miss something or it just disappears.

  • Oops, I used the term "Notification" when I meant "Alert". I've corrected the original post.

  • I never see any Acknowledged alerts there. Once acknowledged, they disappear. Is there some setting that keeps them visible once acknowledged? (Or preferably gives the ability to see previously-acknowledged if you really want, but mostly shows unacknowledged. Sort of like reading emails: you want to distinguish read from unread and you want to focus on reading. You don't want to automatically delete read emails.)

  • You should see them in Events as well, as Alerts are some sort of important Events. 

    But no, if you acknowledge an alert, it is deleted. 

    You can also work with the Central API and copy them to your system and do whatever you want with them. 
    Email is also possible and store the Alerts. 


  • What a sad answer. I'll have to look into the Central API. Email is sketchy since I'm finding it very hard to find an SMTP server that will allow the Sophos to send email through it (and I don't subscribe to Email for the firewall which might or might not solve this problem or might make other solutions more difficult).

    What would probably be best is to keep all Alerts but allow a filter on Acknowledged. Second best would be to allow the integration of Alerts/Events into cloud (Azure, Google, AWS) event processing systems.
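
An added example, not part of the thread and not Sophos code: a local append-only archive for the "copy them to your system" approach suggested above, so an alert stays searchable by time after it has been acknowledged. The alert fields `id`, `raisedAt` and `description` and the sample records are assumptions; fetching the records from the Central API is left to the caller.

```python
import json
import tempfile
from datetime import datetime
from pathlib import Path

def parse_ts(value):
    """Parse an ISO 8601 UTC timestamp such as 2024-03-01T02:10:00.000Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def archive_alerts(alerts, store):
    """Append alerts whose id is not yet in the JSONL store; return how many were added."""
    store = Path(store)
    seen = set()
    if store.exists():
        with store.open() as fh:
            seen = {json.loads(line)["id"] for line in fh if line.strip()}
    added = 0
    with store.open("a") as fh:
        for alert in alerts:
            if alert["id"] not in seen:  # polls overlap, so skip what is already stored
                fh.write(json.dumps(alert, sort_keys=True) + "\n")
                seen.add(alert["id"])
                added += 1
    return added

def alerts_between(store, start, end):
    """Return archived alerts raised within [start, end], oldest first."""
    lo, hi = parse_ts(start), parse_ts(end)
    with Path(store).open() as fh:
        rows = [json.loads(line) for line in fh if line.strip()]
    hits = [a for a in rows if lo <= parse_ts(a["raisedAt"]) <= hi]
    return sorted(hits, key=lambda a: parse_ts(a["raisedAt"]))

# Constructed sample polls (field names are assumptions about the alert records).
GW_DOWN = {"id": "a1", "raisedAt": "2024-03-01T02:10:00.000Z", "description": "Gateway is down"}
GW_UP = {"id": "a2", "raisedAt": "2024-03-01T02:14:00.000Z", "description": "Gateway is up"}
OTHER = {"id": "a3", "raisedAt": "2024-03-01T09:00:00.000Z", "description": "Firmware update available"}
POLL_1 = [GW_DOWN, GW_UP]
POLL_2 = [GW_UP, OTHER]  # GW_DOWN was acknowledged in between and is no longer listed

def demo():
    """Archive both polls, then look up the 02:00-03:00 window in the archive."""
    with tempfile.TemporaryDirectory() as tmp:
        store = Path(tmp) / "alerts.jsonl"
        counts = (archive_alerts(POLL_1, store), archive_alerts(POLL_2, store))
        hits = alerts_between(store, "2024-03-01T02:00:00Z", "2024-03-01T03:00:00Z")
        return counts, [a["id"] for a in hits]

if __name__ == "__main__":
    print(demo())
```

Run the archiving step on a schedule shorter than the time you normally take to acknowledge an alert, otherwise an alert can be raised and acknowledged between two polls and never reach the store.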
