Cisco Cisco FirePOWER Appliance 7115

Version 5.3

Sourcefire 3D System User Guide

570

Configuring External Alerting

Chapter 14

•

You associate SNMP and syslog alert responses with logged connections

using access control rules and policies. Email alerting is not supported for

logged connections.

•

You associate alert responses with health module status changes using the

health monitor.

There is another type of alerting you can perform in the Sourcefire 3D System,

which is to configure email, SNMP, and syslog intrusion event notifications for

individual intrusion events, regardless of impact flag. You configure these

notifications in intrusion policies; see

Configuring External Responses to Intrusion

Events

on page 1060 and

Adding Alerts

on page 788.

The following table explains the licenses you must have to generate alerts.

For more information, see:

•

Working with Alert Responses

on page 571

•

Configuring Impact Flag Alerting

on page 580

•

Configuring Discovery Event Alerting

on page 581

•

Configuring Advanced Malware Protection Alerting

on page 582

•

Adding Responses to Rules and White Lists

on page 1588

•

Logging Connection, File, and Malware Information

on page 560

•

Logging Connections for the Default Action

on page 468

•

Configuring Health Monitor Alerts

on page 2241

License Requirements for Generating Alerts

GENERATE

ALERT

BASED

...

NEED

THIS

LICENSE

...

an intrusion event with a specific impact flag

FireSIGHT + Protection

a specific type of discovery event

FireSIGHT

a network-based malware event

Malware

a correlation policy violation

the license that was required

to trigger the policy violation

a connection event

the license that was required

to log the connection

health module status changes

Any