Cisco Firepower Management Center 4000
FireSIGHT System User Guide

Chapter 15
Configuring External Alerting
While the FireSIGHT System provides various views of events within the web interface, you may want to configure external event notification to facilitate constant monitoring of critical systems. You can configure the FireSIGHT System to generate alerts that notify you via email, SNMP trap, or syslog when one of the following is generated:
  • an intrusion event with a specific impact flag
  • a specific type of discovery event
  • a network-based malware event or retrospective malware event
  • a correlation event, triggered by a specific correlation policy violation
  • a connection event, triggered by a specific access control rule
  • a specific status change for a module in a health policy
To have the system send these alerts, you must first create an alert response, which is a set of 
configurations that allows the FireSIGHT System to interact with the external system where you plan to 
send the alert. Those configurations may specify, for example, an email relay host, SNMP alerting 
parameters, or syslog facilities and priorities.
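A syslog alert response only tells the Management Center which facility and priority to stamp on each message; whether the collector actually receives and classifies them as intended has to be checked on the receiving side. The following is an added example, not code from the FireSIGHT System User Guide or from Cisco: it decodes the PRI field of a received syslog message (RFC 3164/5424 define PRI as facility × 8 + severity) and compares it with the facility and severity configured on the alert response, so you can confirm the collector's routing rules will match. The sample message is constructed for this example and does not reproduce a real FireSIGHT message body.

```python
"""Check that a syslog alert response arrives with the expected facility/severity.

Added example, not part of the FireSIGHT System User Guide. The PRI arithmetic
(facility * 8 + severity) comes from RFC 3164 / RFC 5424; the facility and
severity names follow the conventional syslog(3) names.
"""
import re
import socket

# Standard syslog facility codes (RFC 3164 table 1). Codes 12-15 are
# rarely used; unknown codes are reported as "facilityN".
FACILITIES = {
    "kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4, "syslog": 5,
    "lpr": 6, "news": 7, "uucp": 8, "cron": 9, "authpriv": 10, "ftp": 11,
    "local0": 16, "local1": 17, "local2": 18, "local3": 19,
    "local4": 20, "local5": 21, "local6": 22, "local7": 23,
}
# Standard severity (priority) codes, 0 = most severe.
SEVERITIES = {
    "emerg": 0, "alert": 1, "crit": 2, "err": 3,
    "warning": 4, "notice": 5, "info": 6, "debug": 7,
}
_FACILITY_NAMES = {code: name for name, code in FACILITIES.items()}
_SEVERITY_NAMES = {code: name for name, code in SEVERITIES.items()}
_PRI_RE = re.compile(r"^<(\d{1,3})>")


def expected_pri(facility: str, severity: str) -> int:
    """PRI value a sender configured with these names should emit."""
    return FACILITIES[facility] * 8 + SEVERITIES[severity]


def decode_pri(message: bytes) -> tuple:
    """Return (facility_name, severity_name) from the leading <PRI> of a message.

    Raises ValueError if the message has no PRI prefix or the value is out of
    the 0-191 range allowed by the RFCs.
    """
    text = message.decode("utf-8", errors="replace")
    match = _PRI_RE.match(text)
    if not match:
        raise ValueError("message does not start with a <PRI> field")
    pri = int(match.group(1))
    if pri > 191:
        raise ValueError(f"PRI {pri} is out of range (max 191)")
    facility = _FACILITY_NAMES.get(pri // 8, f"facility{pri // 8}")
    severity = _SEVERITY_NAMES[pri % 8]
    return facility, severity


def matches_alert_response(message: bytes, facility: str, severity: str) -> bool:
    """True if the received message carries the facility/severity set on the alert response."""
    return decode_pri(message) == (facility, severity)


def receive_one(port: int = 5514, timeout: float = 30.0) -> bytes:
    """Block for a single UDP syslog datagram (hypothetical test port 5514, an assumption).

    Point a test alert response at this host/port, trigger an alert, and feed
    the returned bytes to matches_alert_response().
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.bind(("0.0.0.0", port))
        data, _peer = sock.recvfrom(8192)
    return data


if __name__ == "__main__":
    # Constructed sample: what a message stamped local4/alert looks like on the wire.
    sample = b"<161>Jan  1 00:00:00 fmc-host example: constructed test message"
    print(decode_pri(sample))                                    # ('local4', 'alert')
    print(matches_alert_response(sample, "local4", "alert"))     # True
    print(matches_alert_response(sample, "local4", "info"))      # False
```

If the decoded pair does not match, the collector's filter (for example a facility-based rule on a rsyslog or SIEM receiver) will silently drop or misfile the alerts even though the Management Center reports them as sent; fix the alert response or the collector rule before relying on the alert path.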
After you create the alert response, you associate it with the event that you want to use to trigger the alert. Note that the process for associating alert responses with events is different depending on the type of event:
  • You associate alert responses with impact flags, discovery events, and malware events using their own configuration pages.
  • You associate correlation events with alert responses (and remediation responses; see ) in your correlation policies.
  • You associate SNMP and syslog alert responses with logged connections using access control rules and policies. Email alerting is not supported for logged connections.
  • You associate alert responses with health module status changes using the health monitor.