This article describes the proactive monitoring support component of the managed appliance service provided by Sophos.
Sophos Technical Support receives notifications via two types of automatically generated alerts:
- Heartbeat Monitor alerts: when an appliance fails to connect to the threat definition repository.
- Performance alerts: when certain events or conditions occur on the appliance.
Upon receipt of one of these alerts, Sophos Support will notify the customer, using the contact information provided by the customer in the 'Appliance Support Contact' settings. The contact method used will depend on whether the alert is categorized as critical or non-critical. Responses to critical alerts are sent to the 'Emergency Contact', while responses to non-critical alerts are sent to the 'Business Hours Contact'. The target response times for notifying customers of an alert are shown below.
Heartbeat Monitor Alerts
Sophos Support receives an alert whenever an appliance has failed to connect to the threat definition repository for a period of more than one hour.
- A Critical alert notification will be issued to the Emergency Contact within one hour of Sophos support receiving the alert.
Sophos Support receives an alert whenever certain events or conditions occur on the appliance. These are denoted as critical or non-critical, depending upon the specific event or condition.
- For critical Performance alerts, e.g. hardware failures, runaway processes, unrecoverable errors, etc, a response will be issued to the Emergency Contact within one hour of receiving the alert.
- For non-critical Performance alerts, e.g. update failures, processes in a warning state that need to be investigated, etc, a response will be issued to the Business Contact within two hours of receiving the alert.
Note: if a customer has not provided Emergency Contact information, a response will be issued to the Business Hours contact.