Is there a setting to clear alerts? I have alerts that are piling up and staying in the list for days (up to 100 alerts in one category right now). How do I clear them or archive them to view just "current/today's" alerts?
The alerts shown on the alerts tab are for the past 48 hours. Once they're older than 48 hours they're automatically purged.
You can use the buttons at the top of the alerts list to re-sort the alerts by 'recent' so that the latest alerts are at the top of each list. I believe this is the default sort order as well.
Unfortunately we don't have a great way to clear all alerts for a certain category in the current production release. However, in our latest beta release, the process of editing and saving an existing alert will dismiss any existing alerts for that alert type.
You can also dismiss alerts one by one (hover over | Dismiss) but this is obviously a bit of a pain.
If you restart the Fastvue Sophos Reporter service, this will clear all alerts. It will also clear the existing information on the dashboard.
If you're being 'spammed' with certain alerts, I recommend editing the Alert's settings and increasing the thresholds to something more reasonable. For example, the default 'Unproductive Browsing' alert is set to: Total Bytes 'Greater than' 30 MB AND Productivity 'Equal to' 'Unproductive' AND Action 'Equal to' 'Pass', in a time window of 0 hours, 30 minutes and 0 seconds.
In other words, "alert me when someone downloads more than 30 MB from unproductive websites in less than 30 minutes".
You can therefore try increasing this to 50 MB, or decreasing the time window to 15 minutes.
Or perhaps there are sites or categories in these alerts that you really don't care too much about. If so, add a filter for Category 'Not equal to' Shopping (or whatever category you want to exclude).
Hopefully you can find the right thresholds and values to alert you to the items you need to know about.
One last thing - we do have an undocumented API that you could potentially use to dismiss alerts if you want to write some code, or use a REST client like Postman (http://www.getpostman.com/) or Insomnia (http://insomnia.rest/). Let me know if you're interested in that route and I'll send you the API calls you can make.
Thanks - my issue was actually that after I changed a bunch of alerts to be "less", the old results were still showing up and making it difficult to view any new results coming in. Now that it's been 48 hours it's much better.
One thing with the "total bytes" filters / table headers: I have a current alert for "Downloads > X" based off one of the default alerts. This alert was generating hundreds of alerts so I modified the download amount to be larger and set a time so it only alerted if X size was downloaded within a 1-hour time period. Now I am receiving about 15 alerts a day which is much easier to look through.
My only issue is that with this alert it's still hard to see what the downloads really were by size. If I click on one of the alerts it gives me the table with the user, URL, total bytes, IP, etc. as I have configured. I'd really want to know what the top downloads by byte size were during that alert result, so I sort by "Total Bytes". This is actually sorting by the number, not accounting for the difference between bytes vs KB vs MB vs GB. For example, right now if I sort by Total Bytes, the top result (largest) "Byte" is 984 bytes, coming before any others, including one for 138 MB. One of my alert results may have anywhere from 500 to 1500 entry lines, so going through all of those to try to find where the actual download occurred has been a process.
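As an added illustration of the sorting problem described in the post above (example code written here, not part of the thread and not Fastvue's own code; the sample rows and the 1024-based unit multipliers are assumptions), this shows how sorting on the leading number of a "Total Bytes" cell misorders rows, and how sorting on the parsed byte count gives the correct order:

```javascript
// Assumed unit multipliers (1024-based); the real product's convention is not stated on the page.
const UNIT_MULTIPLIER = {
  B: 1, BYTE: 1, BYTES: 1, KB: 1024, MB: 1024 ** 2, GB: 1024 ** 3, TB: 1024 ** 4,
};

// Parse a display string such as "138 MB" or "984 bytes" into an integer byte count.
// Unparseable input throws rather than silently sorting as zero.
function parseSize(text) {
  const m = /^\s*(\d+(?:\.\d+)?)\s*([A-Za-z]+)\s*$/.exec(text);
  if (!m) throw new Error(`unparseable size: ${JSON.stringify(text)}`);
  const unit = m[2].toUpperCase();
  if (!(unit in UNIT_MULTIPLIER)) throw new Error(`unknown unit: ${unit}`);
  return Math.round(parseFloat(m[1]) * UNIT_MULTIPLIER[unit]);
}

// The flawed behaviour the post describes: compare only the leading number,
// so "984 bytes" ranks above "138 MB". Returns users in descending order.
function sortByLeadingNumber(rows) {
  return [...rows]
    .sort((a, b) => parseFloat(b.totalBytes) - parseFloat(a.totalBytes))
    .map((r) => r.user);
}

// Correct behaviour: compare the parsed byte counts. Returns users in descending order.
function sortByByteCount(rows) {
  return [...rows]
    .sort((a, b) => parseSize(b.totalBytes) - parseSize(a.totalBytes))
    .map((r) => r.user);
}

// Constructed sample rows shaped like the alert detail table (user, URL, total bytes).
const SAMPLE_ROWS = [
  { user: 'alice', url: 'example.com/a', totalBytes: '984 bytes' },
  { user: 'bob',   url: 'example.com/b', totalBytes: '138 MB' },
  { user: 'carol', url: 'example.com/c', totalBytes: '2.5 GB' },
  { user: 'dave',  url: 'example.com/d', totalBytes: '512 KB' },
];

console.log('leading-number sort:', sortByLeadingNumber(SAMPLE_ROWS).join(', '));
console.log('byte-count sort:    ', sortByByteCount(SAMPLE_ROWS).join(', '));
```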
Glad to hear you've managed to cut down on the number of alerts, and sorry to hear the sorting by download size isn't working correctly. This is an issue that we have since fixed, and the fix is available in our latest beta release.
You can grab the latest release at http://fastvue.co/sophos/downloadbeta
Simply run the new installer over the top of your existing installation. The installer will pick up your existing settings, so just click next throughout the wizard without making any changes. Once installed, browse to the site and clear the browser cache by hitting ctrl + F5 (cmd + R on Mac).