Cisco Cisco Firepower Management Center 4000

If you configure an alert as a response to a correlation rule that contains a connection tracker, the alert 
information you receive is the same as that for alerts on traffic profile changes, even if the correlation 
rule itself is based on a different kind of event.

When you create an alert response, it is automatically enabled. Only enabled alert responses can generate 
alerts. To stop alerts from being generated, you can temporarily disable alert responses rather than 
deleting your configurations.

You manage alert responses on the Alerts page (

). The slider next to each alert 

response indicates whether it is active; only enabled alert responses can generate alerts. The page also 
indicates whether the alert response is being used in a configuration, for example, to log connections in 
an access control rule. You can sort alert responses by name, type, in use status, and enabled/disabled 
status by clicking the appropriate column header; click the column header again to reverse the sort.

For more information, see:

Any

Note that you cannot perform email alerting on logged connections in an access control policy. 

Before you create an email alert response, you should make sure that the Defense Center can 
reverse-resolve its own IP address. You should also configure your mail relay host as described in 

.

Admin

Select 

.

The Alerts page appears.

From the 

 drop-down menu, select 

.

The Create Email Alert Configuration pop-up window appears.

In the 

 field, type the name you want to use to identify the alert response.

In the 

 field, type the email addresses where you want to send alerts.

Separate email addresses with commas.

In the 

 field, type the email address that you want to appear as the sender of the alert.

Next to 

, verify the listed mail server is the one that you want to use to send the alert.