Skip to content

Alerts

Some features might not be available for all partners yet.

You can view and take action on the alerts for your Sophos Central customers that have partner assistance turned on.

Go to Alerts.

The Alerts page lists all the alerts that require your action. We don't show alerts that we've resolved automatically. We show you alerts for the last 90 days from your customers. We show you up to 2500 alerts.

If you want to take action on alerts older than 90 days, you can do that in your customers' Sophos Central Admin accounts.

You can add columns to the table view to show more information. Click the more options icon More options icon. to do this. For example, you can add an alert ID or device type. This helps you filter your alerts or search for specific alerts.

On the Alerts page, you can do as follows:

  • Search alerts
  • Filter alerts
  • Take action against alerts

Search alerts

Click Show filters to show the search option. Click Apply to see your search results. To reset your search, click Reset to defaults and then click Apply.

You can search by device, user, alert category, product, customer, or alert ID. You can't use wildcards or multiple items separated by commas.

You can apply filters and then search the filtered alerts. For example, you can filter by malware alerts for specific customers and then search for a specific alert ID.

You can view the details for an alert. To do this, click the drop-down arrow next to an alert.

Filter alerts

To view alerts for a specific product or threat type, use the filters to refine the alerts we show.

You can also sort the alerts by date or description. You can also search your filtered alerts.

You can filter your alerts as follows:

  • Customer. Use this to view your alerts for a customer or set of customers.
  • Filter by available action. Use this to view your alerts by the action you can take. For example, you can view alerts where you can clean up viruses.
  • Severity. Use this to view your high, medium, or info alerts.
  • Category. Use this to view an alert type. For example, you can view malware alerts.
  • Product. Use this to view alerts for a specific Sophos product.
  • Date. Use this option to show alerts for a specific date range in the last 90 days.
  • Device name. Use this to view alerts for specific devices.
  • User. Use this to view alerts for specific users.
  • Alert ID. Use this to view alerts for a specific alert ID.

You can use combinations of the filter options. For example, you can view alerts for an alert ID in a date range for all or some of your customers.

Click Apply to view your filtered alerts. To reset your filters, click Reset to defaults and then click Apply.

Take action against alerts

If you want to take action against alerts, use the filter options to find the alerts.

Select the alerts and click Actions.

We show you the actions that are available for all your selected alerts. We don't show you actions that are only available for some of your selected alerts. For example, if a cleanup action is available for some of your selected alerts but not all of them, we don't show you the cleanup action.

This is an example of selecting an action for alerts.

Selecting an alert action.

The following actions are available for alerts, depending on the alert type.

  • Clear alert: Use this to remove alerts from the list. We don't show the alert again .This action doesn't resolve threats.
  • Clean up virus: Use this to remove malware.
  • Clean up PUA: Use this to remove a Potentially Unwanted Application (PUA).

    Warning

    You only see this action if you've turned off automatic cleanup in your threat protection policies. We recommend you don't do this.

  • Authorize PUA: Use this to authorize a PUA to run on all computers.

Export to CSV

This option exports all alerts and ignores alert filters.

You can export all alerts to a CSV file, which you can then view in Microsoft Excel.