Cisco Cisco Firepower Management Center 4000

Enables or disables brief email alerting, which is suitable for text-limited devices such as pagers. 
Brief email alerts contain:

event timestamp 

for Defense Centers, the IP address for the device that generated the event

event protocol

source IP and port

destination IP and port

event message 

the number of intrusion events generated against the same source IP

For example:

2011-05-18 10:35:10 10.1.1.100 icmp 10.10.10.1:8 -> 10.2.1.3:0

 

snort_decoder: Unknown Datagram decoding problem! (116:108)

Specifies the rules or rule groups whose events you want mailed to the specified email address or 
addresses.

For information about configuring email alerting, see 

.

Protection

You can configure email alerting so that your appliance notifies you whenever an intrusion event occurs 
for an specific rule or rule group. 

Before you can receive email alerts, you must:

configure your mail host to receive email alerts (see 

)

make sure that both the managed device and the Defense Center can reverse resolve their own IP 
addresses

Admin/Intrusion Admin

Select 

.

The Email Alerting page appears.

Next to 

, select 

 to enable email alerting.

In the 

 field, type the address you want to display in the From field in the email alerts.

In the 

 field, type the address where you want to receive the email alerts.

In the 

field, type the maximum number of events you want included in a single email.

In the 

field, type the number of seconds for the minimum frequency with which you want 

to receive email alerts.

To group events by IP address, next to 

, select 

.