Email alert for high risk device events to admin

Document created by Pamela S. Lee (Employee) on Jan 17, 2018. Last modified by Pamela S. Lee (Employee) on Feb 20, 2018. Version 5.

In addition to the Email alerts for critical dashboard events introduced in v2.61, the system can now email alerts for high risk device events to dashboard administrators as they occur.

These are the same high risk events that can be viewed on the Events & Alerts tab in the SandBlast Mobile Dashboard.

High risk device events include any event that raises the device risk level to high, such as:

| Event type | Event | Examples |
|---|---|---|
| Jailbroken/Rooted | Jailbroken/Rooted Device | Device is rooted; Device is Jailbroken |
| Application | Malicious Application Installed or Removed; Suspicious Behavior | |
| Profile | Provisioning Profile Added | malicious profile was detected; any provisioning profile added, does not indicate malicious intent |
| Configuration | Suspicious Configuration | BlueBorne BT exploit attack; ARP Poisoning; Man-in-the-Middle attack; malicious system configuration change |
| Profile (iOS) | Suspicious Profile | suspicious VPN or Wi-Fi/Proxy profile detected |
| Network Attack | SSL Stripping; SSL Interception (Basic); SSL Interception (Advanced) | Types of Man-in-the-Middle attacks |
| Device | SMS Phishing; Connectivity | Malicious URL detected in SMS message; Device status changed to Active or Inactive |


To enable email alerts:

  1. Open the dashboard and click the avatar icon.
  2. Click Edit.
  3. Turn ON ‘Email Alerts’.
  4. Click Save.


[Image: example of a high risk event email alert]

Originally introduced in v2.61, and enhanced to include High Risk device events in v2.66.
