Cisco Cisco Firepower Management Center 4000
31-2
FireSIGHT System User Guide
Chapter 31 Configuring External Alerting for Intrusion Rules
Using SNMP Responses
•
the event data
You can set a variety of SNMP alerting parameters. Available parameters vary depending on the version
of SNMP you use. For details on enabling and disabling SNMP alerting, see
of SNMP you use. For details on enabling and disabling SNMP alerting, see
.
Tip
If your network management system requires a management information base file (MIB), you can obtain
it from the Defense Center at
it from the Defense Center at
/etc/sf/DCEALERT.MIB
.
SNMP v2 Options
For SNMP v2, you can specify the options described in the following table.
SNMP v3 Options
For SNMP v3, you can specify the options described in the following table.
Note
When using SNMP v3, the appliance uses an Engine ID value to encode the message. Your SNMP server
requires this value to decode the message. Currently, this Engine ID value will always be the
hexadecimal version of the appliance’s IP address with
requires this value to decode the message. Currently, this Engine ID value will always be the
hexadecimal version of the appliance’s IP address with
01
at the end of the string. For example, if the
appliance sending the SNMP alert has an IP address of
172.16.1.50
, the Engine ID is
0xAC10013201
or,
if the appliance has an IP address of
10.1.1.77
,
0x0a01014D01
is used as the Engine ID.
Table 31-1
SNMP v2 Options
Option
Description
Trap Type
The trap type to use for IP addresses that appear in the alerts.
If your network management system correctly renders the INET_IPV4 address
type, then you can select
type, then you can select
as Binary
. Otherwise, select
as String
. For example, HP
Openview requires the string type.
Trap Server
The server that will receive SNMP traps notification.
You can specify a single IP address or hostname.
Community String
The community name.
Table 31-2
SNMP v3 Options
Option
Description
Trap Type
The trap type to use for IP addresses that appear in the alerts.
If your network management system correctly renders the INET_IPV4
address type, then you can select
address type, then you can select
as Binary
. Otherwise, select
as String
. For
example, HP Openview requires the string type.
Trap Server
The server that will receive SNMP traps notification.
You can specify a single IP address or hostname.
Authentication Password
The password required for authentication. SNMP v3 uses either the
Message Digest 5 (MD5) hash function or the Secure Hash Algorithm
(SHA) hash function to encrypt this password, depending on
configuration.
Message Digest 5 (MD5) hash function or the Secure Hash Algorithm
(SHA) hash function to encrypt this password, depending on
configuration.
If you specify an authentication password, authentication is enabled.