Cisco FMC critical and major email alert

Adnan Khan · ‎05-11-2020

Hi,

I would like to configure Cisco FMC for email alerts notification for critical and major alerts. Any critical or major alerts triggered on FMC for FTD should receive an email notification. Can anyone share the procedure for that?

Thanks

Michael ONeil · ‎05-13-2020

When you ask for email alerts for Critical and Major events, I assume you mean for IPS events. These IPS events are catgorized by their Impact Flags. These events can be sent as an email alert.

Go to System Configuration and setup an email server and the from and to email addresses.

Then go to Policies, Alerts, Responses and create an email alert using the email server you setup in the System Configuration.

Then click the Impact Flags Events tab and select "email" and use the Email alert you created. Then at the bottom of that window select the Impact Flags you want to be alerted about. Note: I recommend only Impact Flags "1" as the rest of them will inundate and fill up your email inbox. Impact Flag 1 are those IPS events that are 99% true and not likely a false positive.

See this for reference:

https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide-v60/fpmc-config-guide-v60_chapter_01110000.html

and

https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/external_alerting_for_intrusion_events.pdf

hope this helps

:)