Skip to content

Central Overview dashboard

The Central Overview dashboard is the default start page of Sophos Central and lets you see the most important information at a glance.

To open it at any time, go to Dashboards > Central Overview.

The Dashboard consists of these areas.

Most Recent Alerts

Most Recent Alerts shows the latest few alerts. Informational alerts are for information only and don't require you to take action.

Click View All Alerts to see all alerts.

Devices and users: summary

Devices and users: summary shows details of usage and protection for users or protected devices. It also shows the number of unprotected users or devices.

Click on the tabs to see information for each device type or for users.

Click See Report to open a detailed report for the tab you have selected.

Email Security

If you have domains connected with Sophos Gateway and Sophos Mailflow you see one panel for each type of connection. The message categories are the same for each type.

The Email Security Dashboard uses interactive reporting. When you change the time period all the email dashboard areas update immediately. You can select and deselect threat categories in charts to get more detailed information.

You can click on figures to go to other reports, and keep the threat type and time period you select on the Dashboard.

Statistics ribbon

You can click the entries in the statistics ribbon to see details of threats identified and emails scanned for the time period you select. You can click Mailboxes Protected to go to the License Usage Summary.

Activity summaries

The Inbound Activity Summary shows information about the following message categories, as far as possible in the order the scans take place.

  • Realtime blocked: Messages from blocked sending IP addresses.
  • Enterprise blocked: Messages sent from an address already added to the enterprise blocklist (inbound allow/block).
  • Virus: Messages containing viruses.
  • Unscannable: Messages we couldn't scan for threats.
  • Intelix threat: Messages identified as threats by SophosLabs' Intelix service.
  • Malicious URL: Messages containing links on our malicious URLs lists.
  • Impersonation: Messages that fail Impersonation Protection checks.
  • Spam: Messages containing known spam characteristics.
  • Bulk: Newsletters, mailing lists, and other forms of solicited email.
  • Authentication failure: Messages that failed authentication DMARC, SPF or DKIM checks.
  • DLP violations: Messages that violated Data Loss Prevention policies.
  • Legitimate: Messages classified as clean, and therefore delivered.

The Outbound Activity Summary shows information about the following message categories. As far as possible, this is the order in which the scans take place:

  • Virus: Messages containing viruses.
  • Spam: Messages classified as spam.
  • DLP violations: Messages that violated Data Loss Prevention policies.
  • Secure Message: Messages secured by TLS, S/MIME, or Push or Portal Encryption.
  • Legitimate: Messages classified as clean, and therefore sent.

You can hover over the arrow charts to see the number of messages in each threat category.

You can click the legend of a category to select or deselect it. The arrow chart updates to show or hide the relevant categories.

See more detailed reports

You can click on items in the Dashboard to go to straight to more detailed reports. The detailed reports use the time period you've selected on the dashboard, and the threat category you've clicked.

You can click the following items:

Web control

Web control shows statistics for your Web Control protection.

The figures are for threats blocked, policy violations blocked, and policy warnings. There is also a figure for "policy warnings proceeded", which is the number of users who have bypassed a warning to visit a website.

Click on a figure to open a detailed report.