Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 7 replies
  • Subscribers 30 subscribers
  • Views 657 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Central Alerts disappear after acknowledgement?

Wayne Folta

[Is there really no Sophos Central User Forum? Just an API forum?]

When you click to Acknowledge an Alert on Sophos Central (SC) for a Firewall that's being managed by SC, it disappears and there appears to be no way to retrieve it. The best I can do is to find an entry in Admin logs saying that I acknowledged it. Am I missing something?

This is critically important for things like debugging. For example, it's not unusual to get an Alert that the Gateway went down and then came back up. So I Acknowledged them. Then figured out that this may have caused a long-running bug I'm working with Sophos Support on. OK, I can just go back and find when the GW went down to see if the bug started then... oops, can't find the Alerts anymore.



This thread was automatically locked due to age.
Parents Reply
  • 0 in reply to LuCar Toni

    What a sad answer. I'll have to look into the Central API. Email is sketchy since I'm finding it very hard to find an SMTP server that will allow the Sophos to send email through it (and I don't subscribe to Email for the firewall which might or might not solve this problem or might make other solutions more difficult).

    What would probably be best is to keep all Alerts but allow a filter on Acknowledged. Second best would be to allow the integration of Alerts/Events into cloud (Azure, Google. AWS) event processing systems.

Children
No Data