Hi, I just deployed AMP for my first alpha test devices; however, I don't see any way to notify an administrator if an endpoint is compromised or a threat is detected. Am I missing something here? I would assume that alerts / email notifications would be standard.
You can create an alert filter and subscribe to it. That way you would be notified of those specific filtered alerts. Go to Analysis -> Event -> Filter the event (Subscribe). Take a look at the attached snapshot.
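As an added example that is not part of this thread (and not Cisco's own code): the console subscription above is the built-in route, but the same events can also be pulled from the AMP for Endpoints API and pushed into whatever paging or ticketing system the administrator already watches. The script below assumes the v1 events endpoint at api.amp.cisco.com with HTTP Basic auth using the client ID and API key generated in the console, and the field names in the constructed sample response embedded in it; the event type names, the hostnames, hashes and timestamps in that sample are made up so the example runs offline.

```python
"""
Poll Cisco AMP for Endpoints events and turn the ones worth paging for
into one-line alerts. Added example, not code from the thread or from Cisco.

Assumptions (not stated on the page): API base URL, Basic-auth scheme with
client_id:api_key, the "start_date"/"limit" query parameters and the JSON
field names used below.
"""
import base64
import json
import urllib.parse
import urllib.request
from datetime import datetime, timedelta, timezone

API_BASE = "https://api.amp.cisco.com/v1"  # assumption: North American cloud

# Event types an administrator should be notified about; the console's own
# filter/subscribe feature lets you pick the same kinds of events.
ALERT_EVENT_TYPES = {
    "Threat Detected",
    "Threat Quarantined",
    "Quarantine Failure",
    "Executed malware",
    "Cloud IOC",
}


def fetch_events(client_id, api_key, since, limit=500):
    """Real network call: events newer than `since` (a tz-aware datetime)."""
    query = urllib.parse.urlencode({"start_date": since.isoformat(), "limit": limit})
    token = base64.b64encode(f"{client_id}:{api_key}".encode()).decode()
    req = urllib.request.Request(
        f"{API_BASE}/events?{query}",
        headers={"Authorization": f"Basic {token}", "Accept": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def select_alerts(payload, event_types=ALERT_EVENT_TYPES):
    """Keep only events whose type is in the notify set, oldest first."""
    events = [e for e in payload.get("data", []) if e.get("event_type") in event_types]
    return sorted(events, key=lambda e: e.get("timestamp", 0))


def unseen(events, seen_ids):
    """Polling windows overlap, so drop events already alerted on.
    Mutates `seen_ids` so the caller can persist it between runs."""
    fresh = [e for e in events if e.get("id") not in seen_ids]
    seen_ids.update(e.get("id") for e in fresh)
    return fresh


def summarize(event):
    """One line suitable for an e-mail subject or chat message."""
    comp = event.get("computer", {})
    file_info = event.get("file", {})
    sha = file_info.get("identity", {}).get("sha256", "")
    what = event.get("detection") or file_info.get("file_name") or "n/a"
    return (f"{event.get('date')} {event.get('event_type')} on "
            f"{comp.get('hostname', '?')} ({comp.get('external_ip', '?')}): "
            f"{what} sha256={sha[:12]}")


# Constructed sample response (not real telemetry) so the example runs offline.
SAMPLE_RESPONSE = {
    "version": "v1.2.0",
    "metadata": {"results": {"total": 3, "current_item_count": 3}},
    "data": [
        {"id": 1001, "timestamp": 1560000100, "date": "2019-06-08T13:21:40+00:00",
         "event_type": "Threat Quarantined", "detection": "W32.Generic.Sample",
         "computer": {"hostname": "win10-alpha-01", "external_ip": "203.0.113.10"},
         "file": {"file_name": "dropper.exe",
                  "identity": {"sha256": "a" * 64}}},
        {"id": 1002, "timestamp": 1560000050, "date": "2019-06-08T13:20:50+00:00",
         "event_type": "Policy Update",
         "computer": {"hostname": "win10-alpha-02", "external_ip": "203.0.113.11"}},
        {"id": 1003, "timestamp": 1560000000, "date": "2019-06-08T13:20:00+00:00",
         "event_type": "Threat Detected", "detection": "W32.Generic.Sample",
         "computer": {"hostname": "win10-alpha-01", "external_ip": "203.0.113.10"},
         "file": {"file_name": "dropper.exe",
                  "identity": {"sha256": "a" * 64}}},
    ],
}


if __name__ == "__main__":
    # Offline demo on the constructed sample; swap in fetch_events(...) with
    # real credentials and a `since` of datetime.now(timezone.utc) - timedelta(minutes=15)
    # for a cron-driven poller.
    seen = set()
    for ev in unseen(select_alerts(SAMPLE_RESPONSE), seen):
        print(summarize(ev))
```

Keep the console subscription even if you add a poller like this: the API route depends on a scheduled job and credentials staying valid, and the subscription is what tells you when that job itself has quietly stopped delivering.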