Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
10452
Views
30
Helpful
3
Replies

Cisco AMP Cloud - realtime email alerts?

Go to solution
jswilmoth
Level 1
Level 1

‎05-21-2018 05:45 AM - edited ‎03-08-2019 05:47 PM

We are using the standalone cloud version of Cisco AMP (console.amp.cisco.com) with the AMP for Endpoints connector on our workstations.

 

I don't see anywhere in the admin console to set up realtime email alerts? We would like our SOC team to get an email when threats are detected in our environment.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
AlexPi
Level 1
Level 1

‎05-21-2018 06:18 AM - edited ‎05-21-2018 06:28 AM

If you go to Analysis - Events, under filter you have Event Type and on the lower right corner of the Filter menu you will see a drop down menu, which in your case will probably show not subscribed, as show in the picture below:

Untitled.pngHere you can select the event type you want to receive notifications for and the way you want to receive them.

 

Note that you cannot define for which e-mail account, the filter is only enabled for the the e-mail account that you are logged in as. So if you want the whole SOC team to receive them, create an account in AMP for the SOC team, with the SOC e-mail address, login as this account and do the above as per your event filter preferences.

 

Hope that helps.

 

------------------------------------------------------------------
If this was helpful, please vote as helpful by clicking on the star icon below.
-------------------------------------

View solution in original post

3 Replies 3

Go to solution
AlexPi
Level 1
Level 1

‎05-21-2018 06:18 AM - edited ‎05-21-2018 06:28 AM

If you go to Analysis - Events, under filter you have Event Type and on the lower right corner of the Filter menu you will see a drop down menu, which in your case will probably show not subscribed, as show in the picture below:

Untitled.pngHere you can select the event type you want to receive notifications for and the way you want to receive them.

 

Note that you cannot define for which e-mail account, the filter is only enabled for the the e-mail account that you are logged in as. So if you want the whole SOC team to receive them, create an account in AMP for the SOC team, with the SOC e-mail address, login as this account and do the above as per your event filter preferences.

 

Hope that helps.

 

------------------------------------------------------------------
If this was helpful, please vote as helpful by clicking on the star icon below.
-------------------------------------

Go to solution
jswilmoth
Level 1
Level 1
In response to AlexPi

‎05-21-2018 06:49 AM

Thanks! Not as intuitive as I would have hoped but it works.
0 Helpful

Go to solution
AlexPi
Level 1
Level 1

‎05-21-2018 06:35 AM - edited ‎05-21-2018 06:40 AM

Go to Analysis – Events. On the Filter menu select the Event Type you want and from the lower right corner, where it probably says “Not Subscribed” select the frequency you want the notifications to occur and Save Filter As… See the image below for help.

 

Untitled.png

 

Note that the filter is relevent to the e-mail of the account you are logged in as only. So if you do not have already, you will have to create an account with the SOC e-mail, loggin as this account and do the above.

 

Hope that helps!

 

------------------------------------------------------------------
If this was helpful, please vote as helpful by clicking on the star icon below.
-------------------------------------
Customers Also Viewed These Support Documents