https://community.cisco.com/t5/network-security/email-alerts-for-security-intelligence-events/m-p/3599287#M979735 <HTML><HEAD></HEAD><BODY><P>Correlation policy should be most recommended as we can expect many alert on SI if you connect to internet.</P></BODY></HTML> Fri, 18 May 2018 04:05:52 GMT smusijar 2018-05-18T04:05:52Z https://community.cisco.com/t5/network-security/email-alerts-for-security-intelligence-events/m-p/3599284#M979700 <HTML><HEAD></HEAD><BODY><P>Is there any way to setup email alerts for Security Intelligence events?&nbsp; I haven't seen anything other than syslog and SNMP traps.&nbsp; </P><P></P><P>TIA,</P><P></P><P>Dan </P></BODY></HTML> Wed, 14 Mar 2018 18:13:58 GMT https://community.cisco.com/t5/network-security/email-alerts-for-security-intelligence-events/m-p/3599284#M979700 deyster94 2018-03-14T18:13:58Z https://community.cisco.com/t5/network-security/email-alerts-for-security-intelligence-events/m-p/3599285#M979712 <HTML><HEAD></HEAD><BODY><P>Hi Dan,</P><P></P><P>First of all, you must to setup an email SMTP server in the "System Policy" or "Sysem Settings" in your Firesight Management Center (FMC) or Defense Center (DC). </P><P></P><P>After that, here you are the steps to send "Security Intelligence" events via email:</P><P><IMG alt="SecurityIntelligence1.png" class="image-1 jive-image" src="https://community.cisco.com/legacyfs/online/fusion/117029_SecurityIntelligence1.png" style="height: 111px; width: 620px;" /></P><P><IMG alt="SecurityIntelligence2.png" class="jive-image image-2" src="https://community.cisco.com/legacyfs/online/fusion/117030_SecurityIntelligence2.png" style="height: 175px; width: 620px;" /></P><P></P><P>Regards, Juan.</P></BODY></HTML> Fri, 11 May 2018 12:11:55 GMT https://community.cisco.com/t5/network-security/email-alerts-for-security-intelligence-events/m-p/3599285#M979712 jsenovilla 2018-05-11T12:11:55Z https://community.cisco.com/t5/network-security/email-alerts-for-security-intelligence-events/m-p/3599286#M979724 <HTML><HEAD></HEAD><BODY><P>in addition to setting up the "mail notification: in the system settings, you'll have to create a correlation policy&amp;rule to match an event. Then you can use an email action to alert you. So there's really three things you need to be aware of. </P><P></P><P>- "email notification" under system settings</P><P>- "email action" under policies, actions</P><P>- "correlation policy" under policies, correlation</P><P></P><P>The first step is to setup your mail relay. Once that's verified working, you need to setup your email action. With that done, you move on to a correlation policy. These can be a bit daunting at first, but once you learn the flow, it's all just a big logic engine/policy.</P><P></P><P>Correlation:</P><P>- Add a rule</P><P>&nbsp;&nbsp;&nbsp;&nbsp; - Name it</P><P>- build your rule</P><P>&nbsp;&nbsp;&nbsp;&nbsp; - "If connection event occurs...."</P><P>&nbsp;&nbsp;&nbsp;&nbsp; - Security Intelligence category is &lt;category&gt;</P><P>&nbsp;&nbsp;&nbsp;&nbsp; - save</P><P></P><P>- add correlation policy</P><P>&nbsp;&nbsp;&nbsp;&nbsp; - name it</P><P>&nbsp;&nbsp;&nbsp;&nbsp; - add rules</P><P>&nbsp;&nbsp;&nbsp;&nbsp; - select and add rule you just made</P><P>&nbsp;&nbsp;&nbsp;&nbsp; - click on "responses" icon next to delete icon</P><P>&nbsp;&nbsp;&nbsp;&nbsp; - choose email action you created earlier</P><P>&nbsp;&nbsp;&nbsp;&nbsp; - save</P><P></P><P>-Activate policy</P><P>&nbsp;&nbsp;&nbsp;&nbsp; - click the blue slider</P><P></P><P></P><P>Play around with the correlation policies and you'll quickly see how useful these can be. </P></BODY></HTML> Thu, 17 May 2018 23:26:56 GMT https://community.cisco.com/t5/network-security/email-alerts-for-security-intelligence-events/m-p/3599286#M979724 miculp 2018-05-17T23:26:56Z https://community.cisco.com/t5/network-security/email-alerts-for-security-intelligence-events/m-p/3599287#M979735 <HTML><HEAD></HEAD><BODY><P>Correlation policy should be most recommended as we can expect many alert on SI if you connect to internet.</P></BODY></HTML> Fri, 18 May 2018 04:05:52 GMT https://community.cisco.com/t5/network-security/email-alerts-for-security-intelligence-events/m-p/3599287#M979735 smusijar 2018-05-18T04:05:52Z