In addition to the Email alerts for critical dashboard events introduced in v2.61, the system can now email alerts for high risk device events to dashboard administrators as they occur.
These are the high risk events that are viewable on the Events & Alerts tab in the SandBlast Mobile Dashboard.
High risk device events include any event that raises the device risk level to high, such as:
|Jailbroken/Rooted||Jailbroken/Rooted Device||Device is rooted; Device is Jailbroken|
|Application||Malicious Application Installed or Removed|
Provisioning Profile Added
malicious profile was detected
any provisioning profile added, does not indicate malicious intent
BlueBorne BT exploit attack
malicious system configuration change
|Profile (iOS)||Suspicious Profile||suspicious VPN or Wi-Fi/Proxy profile detected|
SSL Interception (Basic)
SSL Interception (Advanced)
|Types of Man-in-the-Middle attacks|
Malicious URL detected in SMS message
Device status changed to Active or Inactive
To enable email alerts:
- Open the dashboard and click on the avatar icon
- Click Edit.
- Turn ON the ‘Email Alerts’.
- Click Save.
Example of a high risk event email alert:
Originally introduced in v2.61, and enhanced to include High Risk device events in v2.66.