Syslog Alert for IOC, Malware / Intrusion events etc

Hello

I would basically like to set up syslog alerting for all the Malware / Intrusion events seen in Firepower. Please check the attached for the events that I am after.

I have configured the following:

Enabled logging for Global Access Policy, Global IPS Policy, Security Intelligence, Blocked Apps, Blocked URLs, etc.

In addition to this, I have also configured: Policies > Actions > Alerts

i) Impact Flag (Impact 2 / 1)

ii) Discovery Event Alerts > Host IOC Set

iii) Advanced Malware Protection Alerts (Retrospective / All network-based malware events)

Q1) Will this cover my requirement?

Q2) Will ii alert me when an IOC occurs?

Q3) Is iii enough to cover all Malware events?

Q4) Is there anything else configurable?

Thank you.