You must have the Advanced Sandbox subscription to configure patient 0 alerts.
A patient 0 event occurs when a user downloads an unknown file that is scanned and found to be malicious. On the Alerts page, you can add the patient 0 alert and receive emails about these events within approximately two hours.
To configure the patient 0 alert:
On the Security dashboard, the Sandbox Patient 0 Events widget displays the patient 0 events that occurred in your organization.
On the Sandbox Patient 0 Events widget, you can see the following information:
If you hover over an event, you can see the following information:
The Admin Portal automatically populates the following fields for the Patient 0 alert. You can't modify any of these fields.
To subscribe to patient 0 alerts: