
Obtaining notifications from threats

LarryLarry All-Knowing Sage ✭✭✭✭

I learned late yesterday afternoon that a client's TZ600 was engaged in threat detection and GAV was doing the blocking.

Below is an excerpt of a screen capture from the Threats Session Logs section in Capture Security Center's Analytics module:

Based on some analysis, this series of events started at approximately 9:30 am and ended right before 6:00 pm. In all, 338 alerts were issued.

I'd like to know if there is some way, say after 25 entries, that I could receive an email letting me know that something not necessarily good is going on at the site?

In this case, my client received an email in his "info" account and deleted it. For the rest of the day, the account was unable to connect to the O365 Exchange server.

To solve this, I renamed the OST file and let Outlook recreate it - apparently without the "bad" now-deleted file.

Just the same, I would really have wanted to have known by 10:00 am that there was a potential problem. Not at 4:30 when my client - exasperated at the end of the day - called me to complain.

Thanks!

Category: Capture Security Center

Best Answer

Answers

  • LarryLarry All-Knowing Sage ✭✭✭✭
    edited August 2020

    Thanks, that works - except for the threshold part. I guess if I had that set, I would have received 300+ emails over the course of the day.


    Unanswered in the documentation is what the "Priority level" means. Is it supposed to match the purported threat level priority?


    And as far as a global solution, NSM 2.0 is supposed to have templates, but I believe that is for device configuration only. If not available for this, it's going to require an RFE for version 2.5...
