
Alerts

You can view and take action on the alerts raised by Sophos Cloud Optix.

On the Alerts page, you can do as follows:

  • Filter alerts
  • View alert details
  • View alert trends
  • Suppress alerts
  • Create an incident ticket
  • Export alerts to a CSV file

Filter alerts

To view alerts with a specific priority, click the tile for Critical Alerts, High Alerts, Medium Alerts, or Low Alerts at the top of the page.

You can filter your alerts as follows:

  • Alert ID: View alerts for a specific alert ID.
  • Ticket ID: View alerts related to a Jira or ServiceNow ticket ID.
  • Severity: View your critical, high, medium, or low alerts.
  • Environment: View specific cloud environments.
  • Type: View alerts for specific types, for example Compliance or Anomaly.
  • Last Updated: View when the alert was last updated with additional information, for example, new resources affected.
  • Provider: View alerts for specific providers, for example AWS or GCP.
  • Compliance Tag: View alerts relevant to a specific compliance framework.
  • Mitre Technique: View alerts specific to a MITRE ATT&CK technique, for example resource hijacking.

You can use combinations of the filter options. For example, you can filter by Ticket ID, Environment, Type, Provider, Compliance Tag, and date range.

Click OK to view your filtered alerts. To reset your filters to the defaults, click Reset.

View alert details

You can click any alert on the Alerts page to view its detailed information, guided remediation steps, and affected resources.

Each alert provides remediation steps to resolve that alert. When the alert is resolved, it's closed automatically and is no longer visible on the Alerts page.

Sophos Cloud Optix lets you suppress alerts or create incident tickets in systems like Jira or ServiceNow. The integration lets you track and document your response to each alert in your existing ticketing workflow.

In the details page of the alert, you can suppress the alert, select the affected resources, and provide comments if needed. For more information about suppressing alerts, see Suppress alerts.

You can create an incident ticket for Jira or ServiceNow by clicking the Create Ticket drop-down list. For more information about creating incident tickets, see Create an incident ticket.

View alert trends

You can generate an overview of your alerts over time, allowing you to observe patterns, spikes, and trends in alert volumes.

To do this, click Trend. You'll see the Alerts Over Time graph.

You can select the graph's time range and the specific metrics you want to see, such as alert type, environment, and severity.

You can also switch the graph to a Logarithmic scale or a Stacked view. A logarithmic scale keeps differences visible when counts vary widely, for example a handful of critical alerts alongside many low-severity ones, and a stacked view shows how each category contributes to the total, which makes the data easier to analyze and interpret.

Suppress alerts

You can suppress an alert if the issue identified isn't relevant in your environment or if there's a business reason to accept and not address the issue. Suppressing an alert doesn't fix the underlying issue, so record the business reason in the comment field so that the decision can be reviewed later.

To do this, select the alerts you want to suppress and click Suppress Alerts. Note that a maximum of ten alerts can be suppressed at a time.

To clear your selections, click Clear. You can then select other alerts.

You can turn on Show Suppressed Alerts to see the suppressed alerts.

Create an incident ticket

You can easily create incident tickets from Sophos Cloud Optix alerts by integrating Cloud Optix with platforms like Jira, ServiceNow, and other supported third-party systems.

Before you start, make sure that you configure one of the following integrations:

  • Jira
  • ServiceNow

If you're using other third-party integrations, see Integrations.

To create a ticket in Jira, do as follows:

  1. In Sophos Cloud Optix, go to Alerts.
  2. Click an alert's ID to open its details.
  3. Click Create Ticket.
  4. Click Jira.
  5. (Optional) Enter any comments for the Jira ticket and then click OK.

The ticket is now raised in Jira, and a ticket ID is generated, as shown on the alert's details page.

To create a ticket in ServiceNow, do as follows:

  1. In Sophos Cloud Optix, go to Alerts.
  2. Click an alert's ID to open its details.
  3. Click Create Ticket.
  4. Click Service Now.
  5. (Optional) Enter any comments for the ServiceNow ticket and then click OK.

The ticket is now raised in ServiceNow, and a ticket ID is generated, as shown on the alert's details page.

Export alerts to a CSV file

You can export all alerts to a CSV file, which you can view in Microsoft Excel. The export includes all alerts and ignores any filters you've applied on the Alerts page.

Choose from the following export options:

  • Consolidated: One row per alert ID, with all of that alert's affected resources in the same row.
  • By Affected Resources: One row per alert and affected resource pair, so an alert with several affected resources appears on several rows.
  • By Affected Resources Consolidated: One row per affected resource, with all alerts on that resource in the same row.
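As an added example (this is not Cloud Optix's own code, and the column names and the alert data are constructed for illustration rather than taken from a real export), the following Python script shows how the three layouts relate. It starts from a constructed By Affected Resources export, reshapes it into the Consolidated and By Affected Resources Consolidated layouts, records the worst severity seen on each resource, and checks that no alert/resource pair is lost in the reshaping:

```python
import csv
import io

# Severity ordering used to report the worst alert on each resource.
SEVERITY_RANK = {"Critical": 4, "High": 3, "Medium": 2, "Low": 1}

# Constructed sample in the "By Affected Resources" layout: one row per
# alert/resource pair. The header names are assumptions for this example,
# not the real Cloud Optix export header.
BY_RESOURCE_CSV = """\
Alert ID,Severity,Type,Provider,Environment,Last Updated,Affected Resource
A-1001,Critical,Compliance,AWS,prod,2024-05-01,arn:aws:s3:::payroll-backups
A-1001,Critical,Compliance,AWS,prod,2024-05-01,arn:aws:s3:::customer-exports
A-1002,High,Anomaly,AWS,prod,2024-05-02,arn:aws:iam::123456789012:user/ci-deploy
A-1003,Low,Compliance,GCP,dev,2024-05-02,projects/dev-sandbox/buckets/scratch
A-1004,Medium,Compliance,AWS,prod,2024-05-03,arn:aws:s3:::payroll-backups
"""


def read_rows(text):
    """Parse a By Affected Resources export into a list of dicts."""
    return list(csv.DictReader(io.StringIO(text)))


def consolidated(rows):
    """Consolidated layout: one row per alert ID, resources joined into one cell."""
    alerts = {}
    for r in rows:
        a = alerts.get(r["Alert ID"])
        if a is None:
            a = {k: v for k, v in r.items() if k != "Affected Resource"}
            a["Affected Resources"] = []
            alerts[r["Alert ID"]] = a
        a["Affected Resources"].append(r["Affected Resource"])
    return [
        {**a, "Resource Count": len(a["Affected Resources"]),
         "Affected Resources": ";".join(a["Affected Resources"])}
        for a in alerts.values()
    ]


def by_resource_consolidated(rows):
    """By Affected Resources Consolidated layout: one row per resource, all
    alert IDs on that resource joined into one cell, worst severity kept."""
    resources = {}
    for r in rows:
        res = resources.setdefault(r["Affected Resource"], {
            "Affected Resource": r["Affected Resource"],
            "Provider": r["Provider"],
            "Environment": r["Environment"],
            "Alert IDs": [],
            "Highest Severity": "Low",
        })
        res["Alert IDs"].append(r["Alert ID"])
        if SEVERITY_RANK[r["Severity"]] > SEVERITY_RANK[res["Highest Severity"]]:
            res["Highest Severity"] = r["Severity"]
    return [
        {**res, "Alert Count": len(res["Alert IDs"]),
         "Alert IDs": ";".join(res["Alert IDs"])}
        for res in resources.values()
    ]


def pair_counts_agree(rows):
    """Sanity check: every layout must account for the same number of
    alert/resource pairs, otherwise something was dropped in the reshaping."""
    n = len(rows)
    return (n == sum(a["Resource Count"] for a in consolidated(rows))
            == sum(res["Alert Count"] for res in by_resource_consolidated(rows)))


def to_csv(table):
    """Serialise a list of same-shaped dicts back to CSV text."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=list(table[0].keys()))
    writer.writeheader()
    writer.writerows(table)
    return buf.getvalue()


if __name__ == "__main__":
    rows = read_rows(BY_RESOURCE_CSV)
    print(to_csv(consolidated(rows)))
    print(to_csv(by_resource_consolidated(rows)))
    print("pair counts agree:", pair_counts_agree(rows))
```

The By Affected Resources Consolidated shape is the one to reach for when deciding which resource to fix first: in the sample, the payroll-backups bucket carries two alerts and its worst severity is Critical, which is not visible from the per-alert Consolidated rows without cross-referencing.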