Cisco FirePOWER Appliance 7115
Version 5.3
Sourcefire 3D System User Guide
570
Configuring External Alerting
Chapter 14
• You associate SNMP and syslog alert responses with logged connections
  using access control rules and policies. Email alerting is not supported for
  logged connections.
• You associate alert responses with health module status changes using the
  health monitor.
There is another type of alerting you can perform in the Sourcefire 3D System,
which is to configure email, SNMP, and syslog intrusion event notifications for
individual intrusion events, regardless of impact flag. You configure these
notifications in intrusion policies; see
The following table explains the licenses you must have to generate alerts.
License Requirements for Generating Alerts

To generate an alert based on...                  You need this license...
an intrusion event with a specific impact flag    FireSIGHT + Protection
a specific type of discovery event                FireSIGHT
a network-based malware event                     Malware
a correlation policy violation                    the license that was required to trigger the policy violation
a connection event                                the license that was required to log the connection
health module status changes                      Any