Obtaining notifications from threats
I learned late yesterday afternoon that a client's TZ600 was engaged in threat detection and GAV was doing the blocking.
Below is an excerpt of a screen capture from the Threats Session Logs section in Capture Security Center's Analytics module:
Based on some analysis, this series of events started at approximately 9:30 am and end right before 6:00 pm. In all, 338 alerts were issued.
I'd like to know if there is some way, say after 25 entries, that I could receive an email letting me know that something not necessarily good is going on at the site?
In this case, my client received an email in his "info" account and deleted it. For the rest of the day, the account was unable to connect to the O365 Exchange server.
To solve this, I renamed the OST file and let Outlook recreate it - apparently without the "bad" now delete file.
Just the same, I would really have wanted to have known by 10:00 am that there was a potential problem. Not at 4:30 when my client - exasperated at the end of the day - called me to complain.