Email alert for high risk device events to admin

Pamela_S__Lee — Wed, 17 Jan 2018 21:43:16 GMT

In addition to the Email alerts for critical dashboard events introduced in v2.61, the system can now email alerts for high risk device events to dashboard administrators as they occur.

These are the high risk events that are viewable on the Events & Alerts tab in the SandBlast Mobile Dashboard.

High risk device events include any event that raises the device risk level to high, such as:

Event type	Event	Examples
Jailbroken/Rooted	Jailbroken/Rooted Device	Device is rooted; Device is Jailbroken
Application	Malicious Application Installed or Removed
Suspicious Behavior	Profile Provisioning Profile Added	malicious profile was detected any provisioning profile added, does not indicate malicious intent
Configuration	Suspicious Configuration	BlueBorne BT exploit attack ARP Poisoning Man-in-the-Middle attack malicious system configuration change
Profile (iOS)	Suspicious Profile	suspicious VPN or Wi-Fi/Proxy profile detected
Network Attack	SSL Stripping SSL Interception (Basic) SSL Interception (Advanced)	Types of Man-in-the-Middle attacks
Device	SMS Phishing Connectivity	Malicious URL detected in SMS message Device status changed to Active or Inactive

To enable email alerts:

Open the dashboard and click on the avatar icon
Click Edit.
Turn ON the ‘Email Alerts’.
Click Save.

Example of a high risk event email alert:

Originally introduced in v2.61, and enhanced to include High Risk device events in v2.66.

topic Email alert for high risk device events to admin in Mobile

Email alert for high risk device events to admin

High risk device events include any event that raises the device risk level to high, such as:

To enable email alerts:

Example of a high risk event email alert: