Cisco Cisco FirePOWER Appliance 7125
15-3
FireSIGHT System User Guide
Chapter 15 Configuring External Alerting
Working with Alert Responses
Note
If you configure an alert as a response to a correlation rule that contains a connection tracker, the alert
information you receive is the same as that for alerts on traffic profile changes, even if the correlation
rule itself is based on a different kind of event.
information you receive is the same as that for alerts on traffic profile changes, even if the correlation
rule itself is based on a different kind of event.
When you create an alert response, it is automatically enabled. Only enabled alert responses can generate
alerts. To stop alerts from being generated, you can temporarily disable alert responses rather than
deleting your configurations.
alerts. To stop alerts from being generated, you can temporarily disable alert responses rather than
deleting your configurations.
You manage alert responses on the Alerts page (
Policies > Actions > Alerts
). The slider next to each alert
response indicates whether it is active; only enabled alert responses can generate alerts. The page also
indicates whether the alert response is being used in a configuration, for example, to log connections in
an access control rule. You can sort alert responses by name, type, in use status, and enabled/disabled
status by clicking the appropriate column header; click the column header again to reverse the sort.
indicates whether the alert response is being used in a configuration, for example, to log connections in
an access control rule. You can sort alert responses by name, type, in use status, and enabled/disabled
status by clicking the appropriate column header; click the column header again to reverse the sort.
For more information, see:
•
•
•
•
•
•
Creating an Email Alert Response
License:
Any
Note that you cannot perform email alerting on logged connections in an access control policy.
Before you create an email alert response, you should make sure that the Defense Center can
reverse-resolve its own IP address. You should also configure your mail relay host as described in
reverse-resolve its own IP address. You should also configure your mail relay host as described in
.
To create an email alert response:
Access:
Admin
Step 1
Select
Policies > Actions > Alerts
.
The Alerts page appears.
Step 2
From the
Create Alert
drop-down menu, select
Create Email Alert
.
The Create Email Alert Configuration pop-up window appears.
Step 3
In the
Name
field, type the name you want to use to identify the alert response.
Step 4
In the
To
field, type the email addresses where you want to send alerts.
Separate email addresses with commas.
Step 5
In the
From
field, type the email address that you want to appear as the sender of the alert.
Step 6
Next to
Relay Host
, verify the listed mail server is the one that you want to use to send the alert.