Cisco Firepower Management Center 2000

FireSIGHT System User Guide
 
Chapter 15: Configuring External Alerting
Step 1: Select Policies > Actions > Alerts.
The Alerts page appears.
Step 2: Next to the alert response you want to delete, click the delete icon.
Step 3: Confirm that you want to delete the alert response.
The alert response is deleted.
Enabling and Disabling Alert Responses
License: Any
Only enabled alert responses can generate alerts. To stop alerts from being generated, you can 
temporarily disable alert responses rather than deleting your configurations. Note that if an alert is in use 
when you disable it, it is still considered in use even though it is disabled.
To enable or disable an alert response:
Access: Admin
Step 1: Select Policies > Actions > Alerts.
The Alerts page appears.
Step 2: Next to the alert response you want to enable or disable, click the enable/disable slider.
If the alert response was enabled, it is disabled. If it was disabled, it is enabled.
Configuring Impact Flag Alerting
License: Protection
You can configure the system to alert you whenever an intrusion event with a specific impact flag occurs. 
Impact flags help you evaluate the impact an intrusion has on your network by correlating intrusion data, 
network discovery data, and vulnerability information. For more information, see 
.
To configure impact flag alerting:
Access: Admin
Step 1: Select Policies > Actions > Alerts, then select the Impact Flag Alerts tab.
The Impact Flag Alerts page appears.
Step 2: In the Alerts section, select the alert response you want to use for each alert type.
To create a new alert response, select New from any drop-down list. For more information, see .
Step 3: In the Impact Configuration section, select the check boxes that correspond to the alerts you want to receive for each impact flag.