TSFA Settings

TSFA Settings

Managing Incident Severity and Notifications

Settings are available for Org Admins and IT Admins under Configurations & Settings > Organization Settings > TSFA Settings. It allows to customize alert preferences by incident severity: Low and higher, Moderate and higher, or High only. 

When an incident meets the selected severity, users are notified via a portal message and, optionally, email. Both notifications include a direct link to the incident for quick access. 
Info
  1. Any TSFA user can add or delete other users from the Settings table.
  2. By default, no users receive notifications or emails until configured.

Setting Up Incident Notifications

  1. Sign in to an Organization as an Org Admin or IT Admin. 
  2. From the top drop-down menu select Configuration & Settings.
  3. In the left panel, go to Organization Settings > TSFA Settings.
  4. Open the Incident Notifications tab.
  5. Select Add Users
  6. Select the checkboxes next to the users you want to configure alerts for.
  7. Click Save.
  8. Optional: To send email notifications when an incident occurs, turn on the Email Notifications toggle button to On and click Save.

Removing Users

  1. Select the checkbox next to the organization user(s) to exclude from notifications.
  2. Click Remove Users.
  3. Click Proceed. User(s) will stop receiving the notifications.

Setting Up Severity Levels 

Because every organization has different operational priorities, Org Admins and IT Admins can override the default severity levels defined by the Solution Admin.
  1. Open the Incident Severity tab
  2. Click Edit.
      1. Notifications Settings.
        To receive a notification whenever an incident´s severity changes, turn the select the toggle button On.
      2. Severity Settings
        Each incident type includes a recommended severity level defined by the Solution Admin and labeled as (default).
        To modify a severity level, click the empty circular button next to the desired level to select it. Repeat as needed.
  3. Click Save.
You can revert to Solution Admin’s default settings at any time. To reset all values at once, click Reset all to default and confirm the warning prompt. 
Warning
All changes will be applied to past and future events.

Setting Up Prevalence Event Thresholds

Org Admins can configure Prevalence Event Thresholds to control how prevalent issues are identified. Values must be between 0.01% and 99.99%, with up to two decimal places. If no decimal is provided, the value is treated as a whole number. Trailing zeros (e.g., 4.00) are ignored, and values with more than two decimal places are not accepted.

To Update Thresholds
  1. Open the Prevalence Model tab.
  2. Click Edit.
  3. Enter the desired threshold values.
  4. Click Save.
Default threshold values:
  1. 24 hours: 10%
  2. 7 days: 5%
  3. 30 days: 2% 
Info
Updates do not affect issues previously identified as prevalent.
New threshold values take effect the following day at approximately 1:00 AM, when the Prevalence Model runs again.
For more information, read Incident Overview.


    • Related Articles

    • Incident Overview

      The TSFA Incident Overview provides a centralized view of all TSFA Security incidents detected across your fleet. It enables administrators to monitor and export events efficiently from a single, organized workspace. To access this feature , got to ...

    • Security Event Log Reference

      This document provides a structured overview of key security-related incidents logged by ThinkShield Firmware Assurance. Events are categorized based on their nature, severity, and potential impact. Each event includes a brief description, its ...

    • Troubleshooting TSFA

      TSFA device issues are typically related to compatibility, provisioning, or communication between the device and the system. Use the device status and security posture values to identify and troubleshoot these conditions. Device Status Issues BIOS ...

    • Getting Started with TSFA

      ThinkShield Firmware Assurance (TSFA) evaluates device security posture based on events generated by devices. TSFA can be used independently. A TSFA license is required to use TSFA functionality, whether it is used on its own or together with Lenovo ...

    • Using the Dashboard in TSFA

      The Dashboard is the main entry point to ThinkShield Firmware Assurance. It provides a centralized view of device fleet data through graphs and visuals, helping users quickly understand trends and key metrics. Organizations with a ThinkShield ...