The Notifications Settings section has some interesting options but not the ones I want.
For detections I can either get an instant email or a weekly batch. I assume a batch would contain more information than an instant email, but a week is far too long to wait for notifications of detections. So I have all of them set to "instant".
There are options for "daily batches" for other types of notifications, but not for detections.
The instant email includes the name of the device and says "threat blocked". If I want more information I have to log into the console. How hard would it be for that instant email to also tell me which shield detected the threat, and the name of the specific threat detected?
Ideally, in addition to getting a detailed instant email that doesn't require me to log into the console to assess the seriousness of the threat, I would also be able to configure a detailed report and have it emailed to me daily, as I can in the SOA. Why was this functionality removed from this version of the system?
Thanks.