Cisco Cisco Firepower Management Center 4000

After you create alert responses and remediations, (see 

), you can group them so that a policy violation triggers all of the 

responses within the group. Before you can assign response groups to correlation rules, you must create 
the groups on the Groups page.

The slider next to the group indicates whether the group is active. If you want to assign a response group 
to a rule within a correlation policy, you must activate it. You can sort response groups by state (active 
versus inactive) or alphabetically by name using the 

 drop-down list.

See the following sections for more information:

Any

You can place individual alerts and remediations in response groups, which can then be assigned to rules 
within correlation policies so that a group of alerts and remediations can be launched when a policy is 
violated. After a group has been assigned to rules in active policies, changes to the group and to alerts 
or remediations within the group are automatically applied to active policies.

Admin

Select 

, then click 

.

The Groups page appears.

Click 

.

The Response Group page appears.

In the 

 field, type a name for the new group.

Select 

 to activate the group so that you can use it in response to a correlation policy violation.

From the 

 list, select the alerts and remediations you want to include in the group.

Hold down the Ctrl key while clicking to select multiple responses.

Click 

 to move alerts and remediations into the group.

Conversely, you can select alerts and remediations from the 

 list and click 

 to move 

the alerts out of the response group.

Click 

.

The group is created.