Alerts
Some features might not be available for all partners yet.
You can view and take action on the alerts for your Sophos Central customers that have partner assistance turned on.
Go to Alerts.
The Alerts page lists all the alerts that require your action. We don't show alerts that we've resolved automatically. We show you alerts for the last 90 days from your customers. We show you up to 2500 alerts.
If you want to take action on alerts older than 90 days, you can do that in your customers' Sophos Central Admin accounts.
You can add columns to the table view to show more information. Click the more options icon to do this. For example, you can add an alert ID or device type. This helps you filter your alerts or search for specific alerts.
On the Alerts page, you can do as follows:
- Search alerts
- Filter alerts
- Take action against alerts
Search alerts
To search for an alert, do as follows:
- Click Show filters or use the search bar.
  You can search by device, user, alert category, product, customer, or alert ID.
  Note: You can't use wildcards or multiple items separated by commas.
- Click Apply to see your search results.
- (Optional) Click Reset to defaults to reset your changes.
- Click Apply.
You can apply filters and then search the filtered alerts. For example, you can filter by malware alerts for specific customers and then search for a specific alert ID.
You can view the details of an alert. To do this, click the drop-down arrow next to the alert.
Take action against alerts
If you want to take action against alerts, use the filter options to find the alerts.
Select the alerts and click Actions.
We show you the actions that are available for all your selected alerts. We don't show you actions that are only available for some of your selected alerts. For example, if a cleanup action is available for some of your selected alerts but not all of them, we don't show you the cleanup action.
This is an example of selecting an action for alerts.
Depending on the alert type, the following actions are available for alerts:
- Clear alert: Use this to remove alerts from the list. We don't show the alert again. This action doesn't resolve threats.
- Clean up virus: Use this to remove malware.
- Clean up PUA: Use this to remove a Potentially Unwanted Application (PUA).
  Warning: You only see this action if you've turned off automatic cleanup in your threat protection policies. We recommend you don't do this.
- Authorize PUA: Use this to authorize a PUA to run on all computers.
Filter alerts
To view alerts for a specific product or threat type, use the filters to refine the alerts we show.
You can also sort the alerts by date or description. You can also search your filtered alerts.
You can filter your alerts as follows:
- Customer: View alerts for a customer or set of customers.
- Sort by: Sort alerts by Category, Date, Description, Device name, Product, or Severity.
- Filter by available action: Use this to view your alerts based on what actions you can take. For example, you can view alerts where you can clean up viruses.
- Severity: Filter by high, medium, or info alerts.
- Category: Filter by alert type. For example, you can view malware alerts.
- Product: Filter by specific Sophos products.
- Date: Show alerts for a specific date range in the last 90 days.
- Device name: Filter alerts by specific devices.
- User: Filter alerts by specific users.
- Alert ID: Filter alerts by specific alert IDs.
You can combine multiple filter options. For example, you can view alerts for a specific alert ID within a selected date range across all or selected customers.
Click Apply to view your filtered alerts. To reset your filters, click Reset to defaults, then click Apply.
Customize columns
You can customize which columns you want to show on the Alerts page.
Click the Customize column icon.
- Severity: High, medium, or info alerts.
- Date: The date when the alert was detected. This column is shown by default.
- Description: The alert description.
- Device name: The device name associated with the alert.
- Category: The alert type. For example, malware.
- Product: The product name. For example, Server, Endpoint, or Sophos Central.
- Customer: The affected customer.
- Data region: The data region. For example, Canada, Japan, or Germany.
- User: The affected user.
- Device type: The device type. For example, Server.
- Alert ID: The unique alert identifier.
Email alert frequency
You can change the frequency of PSA ticket creation for an email alert.
To change the frequency, do as follows:
- In the Alert ID column, expand the alert ID.
- In Email Alert, select a frequency. Use any of the following options:
  - None: No frequency is set, but PSA tickets are still created.
  - Immediately: PSA tickets are created immediately.
  - Hourly: PSA tickets are created once every hour.
  - Daily: PSA tickets are created once a day.
  - Never: PSA tickets won't be created.
You'll see a confirmation at the bottom-left of the Alerts page.
You'll see the PSA ticket creation information below the frequency drop-down only when ticketing is enabled for Autotask or ConnectWise.
The alerts you've set exceptions on are listed in the Exceptions section.
To view the Exceptions section, click the Settings & Policies icon, and then click Configure API Alerts.
Tenant picker
If you add an Alerts widget to your custom dashboard, clicking an alert description in the Description column will take you to the Alerts page.
You can use filters or customize the columns to manage the data displayed on the Alerts page.
Export to CSV
This option exports all alerts and ignores alert filters.
You can export all alerts to a CSV file, which you can then view in Microsoft Excel.
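Because the export ignores your filters, you may want to re-apply them to the CSV file offline. The following is an added example, not Sophos code: it assumes the CSV headers match the column names listed under Customize columns and that dates are in ISO 8601 format, and it uses constructed sample rows.

```python
import csv
import io
from datetime import date, datetime

# Constructed sample export. Header names mirror the columns listed under
# "Customize columns"; the real file's headers and date format are assumptions.
SAMPLE_EXPORT = """\
Severity,Date,Description,Device name,Category,Product,Customer,Alert ID
High,2024-05-02T09:14:00,Malware detected,SRV-01,Malware,Server,Acme Ltd,a1
Medium,2024-05-03T11:30:00,PUA detected,LAP-07,PUA,Endpoint,Acme Ltd,a2
High,2024-05-10T08:00:00,Malware detected,LAP-22,Malware,Endpoint,Globex,a3
Info,2024-04-01T16:45:00,Policy updated,LAP-07,General,Endpoint,Initech,a4
"""


def load_alerts(text):
    """Parse CSV export text into a list of dicts keyed by column header."""
    return list(csv.DictReader(io.StringIO(text)))


def _norm(values):
    """Lower-case a collection of filter values, or return None if unset."""
    return {v.strip().lower() for v in values} if values else None


def filter_alerts(rows, customers=None, severities=None, categories=None,
                  start=None, end=None, alert_id=None):
    """Re-apply the page's filter options; every supplied filter must match."""
    wanted = {"Customer": _norm(customers), "Severity": _norm(severities),
              "Category": _norm(categories)}
    kept = []
    for row in rows:
        if any(allowed is not None and row[col].strip().lower() not in allowed
               for col, allowed in wanted.items()):
            continue
        day = datetime.fromisoformat(row["Date"]).date()
        if (start and day < start) or (end and day > end):
            continue
        # Exact match only: like the search on this page, no wildcards or lists.
        if alert_id is not None and row["Alert ID"] != alert_id:
            continue
        kept.append(row)
    return kept


if __name__ == "__main__":
    rows = load_alerts(SAMPLE_EXPORT)
    for r in filter_alerts(rows, severities=["High"], categories=["Malware"]):
        print(r["Alert ID"], r["Customer"], r["Device name"])
```

To use it on a real export, read the file's text and pass it to `load_alerts`, adjusting the column names if your export's headers differ.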