Cisco Firepower Management Center 4000

15-2
FireSIGHT System User Guide
 
Chapter 15      Configuring External Alerting 
There is another type of alerting you can perform in the FireSIGHT System, which is to configure email, SNMP, and syslog intrusion event notifications for individual intrusion events, regardless of impact flag. You configure these notifications in intrusion policies; see  and . The following table explains the licenses you must have to generate alerts.
Working with Alert Responses

License: Any
The first step in configuring external alerting is to create an alert response, which is a set of configurations that allows the FireSIGHT System to interact with the external system where you plan to send the alert. You can create alert responses to send alerts via email, a simple network management protocol (SNMP) trap, or a system log (syslog).

The information you receive in an alert depends on the type of event that triggered the alert. For example, an impact flag alert contains timestamp, intrusion rule, impact flag, and event description information. As another example, discovery event alerts also contain timestamp and description information, as well as discovery event type information.

If you are using an alert response in a correlation policy, the information in the alert depends on the type of event that triggered the correlation policy violation.
Table 15-1    License Requirements for Generating Alerts

To generate an alert based on...                   You need this license...
an intrusion event with a specific impact flag     FireSIGHT + Protection
a specific type of discovery event                 FireSIGHT
a network-based malware event                      Malware
a correlation policy violation                     the license that was required to trigger the policy violation
a connection event                                 the license that was required to log the connection
health module status changes                       Any