для Cisco Cisco Firepower Management Center 4000
15-8
FireSIGHT System User Guide
Chapter 15 Configuring External Alerting
Configuring Impact Flag Alerting
Step 1
Select
Policies > Actions > Alerts
.
The Alerts page appears.
Step 2
Next to the alert response you want to delete, click the delete icon (
).
Step 3
Confirm that you want to delete the alert response.
The alert response is deleted.
Enabling and Disabling Alert Responses
License:
Any
Only enabled alert responses can generate alerts. To stop alerts from being generated, you can
temporarily disable alert responses rather than deleting your configurations. Note that if an alert is in use
when you disable it, it is still considered in use even though it is disabled.
temporarily disable alert responses rather than deleting your configurations. Note that if an alert is in use
when you disable it, it is still considered in use even though it is disabled.
To enable or disable an alert response:
Access:
Admin
Step 1
Select
Policies > Actions > Alerts
.
The Alerts page appears.
Step 2
Next to the alert response you want to enable or disable, click the enable/disable slider.
If the alert response was enabled, it is disabled. If it was disabled, it is enabled.
Configuring Impact Flag Alerting
License:
Protection
You can configure the system to alert you whenever an intrusion event with a specific impact flag occurs.
Impact flags help you evaluate the impact an intrusion has on your network by correlating intrusion data,
network discovery data, and vulnerability information. For more information, see
Impact flags help you evaluate the impact an intrusion has on your network by correlating intrusion data,
network discovery data, and vulnerability information. For more information, see
.
To configure impact flag alerting:
Access:
Admin
Step 1
Select
Policies > Actions > Alerts
, then select the
Impact Flag Alerts
tab.
The Impact Flag Alerts page appears.
Step 2
In the Alerts section, select the alert response you want to use for each alert type.
To create a new alert response, select
New
from any drop-down list. For more information, see
.
Step 3
In the Impact Configuration section, select the check boxes that correspond to the alerts you want to
receive for each impact flag.
receive for each impact flag.