Cisco FirePOWER Appliance 7115
Version 5.3
Sourcefire 3D System User Guide
569
CHAPTER 14: CONFIGURING EXTERNAL ALERTING
While the Sourcefire 3D System provides various views of events within the web
interface, you may want to configure external event notification to facilitate
constant monitoring of critical systems. You can configure the Sourcefire 3D
System to generate alerts that notify you via email, SNMP trap, or syslog when
one of the following is generated:
• an intrusion event with a specific impact flag
• a specific type of discovery event
• a network-based malware event or retrospective malware event
• a correlation event, triggered by a specific correlation policy violation
• a connection event, triggered by a specific access control rule
• a specific status change for a module in a health policy
To have the system send these alerts, you must first create an alert response,
which is a set of configurations that allows the Sourcefire 3D System to interact
with the external system where you plan to send the alert. Those configurations
may specify, for example, an email relay host, SNMP alerting parameters, or
syslog facilities and priorities.
After you create the alert response, you associate it with the event that you want
to use to trigger the alert. Note that the process for associating alert responses
with events is different depending on the type of event:
• You associate alert responses with impact flags, discovery events, and
malware events using their own configuration pages.
• You associate correlation events with alert responses (and remediation
responses; see on page 1678) in your correlation policies.
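The two ideas above, an alert response that holds the syslog facility and priority for a destination, and the association of that response with a particular impact flag, can be illustrated with a small model. The following is an added example and is not Sourcefire or Cisco code: the class names, the default facility and tag, the impact-level numbering (1 = most severe), the sample IP addresses and rule names are all constructed for illustration. Only the syslog PRI arithmetic (PRI = facility * 8 + severity) and the RFC 3164 message layout are standard.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Tuple

# Standard syslog facility and severity codes (RFC 3164 / RFC 5424).
FACILITIES = {"kern": 0, "user": 1, "daemon": 3, "auth": 4,
              "local0": 16, "local1": 17, "local4": 20, "local7": 23}
SEVERITIES = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
              "warning": 4, "notice": 5, "info": 6, "debug": 7}


@dataclass(frozen=True)
class SyslogAlertResponse:
    """One alert response: where to send, and the facility/priority to stamp on it."""
    name: str
    host: str
    facility: str = "local4"   # assumed default for this example, not a product default
    severity: str = "alert"
    tag: str = "SFIMS"         # assumed tag, constructed for illustration
    port: int = 514

    def __post_init__(self):
        # Reject a misconfigured response early instead of emitting a bad PRI.
        if self.facility not in FACILITIES:
            raise ValueError(f"unknown syslog facility {self.facility!r}")
        if self.severity not in SEVERITIES:
            raise ValueError(f"unknown syslog severity {self.severity!r}")

    def pri(self) -> int:
        # PRI = facility * 8 + severity, e.g. local4/alert -> 20*8 + 1 = 161
        return FACILITIES[self.facility] * 8 + SEVERITIES[self.severity]

    def format_message(self, sender: str, body: str, when: datetime) -> str:
        # RFC 3164 layout: <PRI>TIMESTAMP HOSTNAME TAG: MSG (day of month is space-padded)
        ts = f"{when:%b} {when.day:2d} {when:%H:%M:%S}"
        return f"<{self.pri()}>{ts} {sender} {self.tag}: {body}"


@dataclass(frozen=True)
class IntrusionEvent:
    """Constructed intrusion-event fields; impact level 1..4 (1 = most severe)."""
    impact: int
    src: str
    dst: str
    rule: str
    when: datetime


def alerts_for_event(event: IntrusionEvent,
                     associations: Dict[int, List[SyslogAlertResponse]],
                     sender: str = "defense-center") -> List[Tuple[str, int, str]]:
    """Return (host, port, syslog line) for every response associated with the event's impact flag."""
    responses = associations.get(event.impact, [])
    body = f"[Impact {event.impact}] {event.rule} {event.src} -> {event.dst}"
    return [(r.host, r.port, r.format_message(sender, body, event.when))
            for r in responses]


# Constructed configuration: one syslog alert response, associated only with the
# two most severe impact levels, so lower-impact events produce no external alert.
SIEM_SYSLOG = SyslogAlertResponse(name="siem-syslog", host="192.0.2.10")
ASSOCIATIONS = {1: [SIEM_SYSLOG], 2: [SIEM_SYSLOG]}

# Constructed sample events (documentation addresses, made-up rule names).
SAMPLE_EVENTS = [
    IntrusionEvent(1, "198.51.100.7", "192.0.2.20",
                   "SERVER-WEBAPP example rule", datetime(2014, 3, 5, 9, 4, 7)),
    IntrusionEvent(4, "198.51.100.8", "192.0.2.21",
                   "POLICY-OTHER example rule", datetime(2014, 3, 5, 9, 4, 9)),
]


def demo() -> List[Tuple[str, int, str]]:
    """Run the sample events through the associations; only the impact-1 event alerts."""
    out: List[Tuple[str, int, str]] = []
    for ev in SAMPLE_EVENTS:
        out.extend(alerts_for_event(ev, ASSOCIATIONS))
    return out


if __name__ == "__main__":
    for host, port, line in demo():
        print(f"-> {host}:{port} {line}")
```

The validation in `__post_init__` is the check worth keeping from this example: a facility or severity name that the receiving syslog server does not recognise is the usual reason alerts arrive in the wrong log or not at all, and catching it when the response is created is cheaper than discovering it during an incident.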