In this article we'll go over setting up an exception to email alerts for a specific IPS protection for Sophos' UTM 9.
I keep getting email alerts for an IPS protection that is irrelevant to my network, "Dahua DVR hard-coded root login attempt"; I don't have any DVRs, much less any 'Dahua' ones. I'm all for blocking it and continuing to block it, but the rather constant emails are starting to annoy me. I can't stop the attempts, only block or allow them, so I have to suppress the email. But I don't want to disable ALL IPS emails, just this one.
In this article I'll use that specific protection as the example, but the general process applies to all other IPS email alerts coming from a Sophos UTM 9 device.
Here's the important info from the email you would be getting:
The KEY detail here is found within that "Details..." link:
This is the IPS Protection 'ID'. We'll use that in the UTM to create the exception.
Next, log in to the UTM WebAdmin, and go to 'Network Protection', 'Intrusion Prevention', and then finally 'Advanced'.
Under 'Manual Rule Modification', click the '+' symbol to create a new modification.
Now here's where that Rule ID comes into play: enter it into the Rule ID box, select 'Disable notifications', and 'Save' the modification.
From this point forward, you will not get any email alerts for that specific protection.