Cisco FirePOWER Appliance 7030
FireSIGHT System User Guide
Chapter 15 Configuring External Alerting
Step 4 Click Save.
Your impact flag alerting settings are saved.
Configuring Discovery Event Alerting
License: FireSIGHT
You can configure the system to alert you whenever a specific type of discovery event occurs. For information about the different event types, see and

Note that to generate an alert based on a discovery event type, you must configure your network discovery policy to log that event type; see . By default, logging is enabled for all event types.
To configure discovery event alerting:
Access: Admin
Step 1 Select Policies > Actions > Alerts, then select the Discovery Event Alerts tab.
The Discovery Event Alerts page appears.
Step 2 In the Alerts section, select the alert response you want to use for each alert type.
To create a new alert response, select New from any drop-down list. For more information, see .
Step 3 In the Events Configuration section, select the check boxes that correspond to the alerts you want to receive for each discovery event type.
Step 4 Click Save.
Your discovery event alerting settings are saved.
Configuring Advanced Malware Protection Alerting
License: Malware
Supported Devices: Series 3, virtual, X-Series
Supported Defense Centers: Any except DC500
You can configure the system to alert you whenever any network-based malware event, including a retrospective event, is generated. You cannot, however, alert on endpoint-based (FireAMP) malware events. For information on malware events, see .

To generate alerts based on malware events, you must create a file policy that performs malware cloud lookups, then associate that policy with an access control rule. For more information, see and