Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
524
Views
0
Helpful
1
Replies

Firepower Intrusion Alerts Delayed

DannyDulin
Level 1
Level 1

‎03-15-2023 11:51 AM

We have Email alerts configured for Intrusion events.

We also have a Correlation policy to send an email alert for Intrusion Events that drop.

During our initial testing, we received the alerts. 

However, all subsequent testing produced no email alerts. I can see the intrusion events for our tests, but no email alert.

The intrusion rule and policy are not suppressed in any way.

Is there some setting that causes emails to be delayed by several hours or even days?

0 Helpful
1 Reply 1

Divya Jain
Cisco Employee
Cisco Employee

‎03-31-2023 01:37 AM

Hi,

One possible solution to the issue of delayed intrusion alerts in Firepower is to check the configuration of the intrusion policy and the event action rules. Make sure that the policy is set to generate alerts for the desired severity levels and that the event action rules are configured to send alerts to the appropriate destination, such as email or syslog. 

 

Also, check the health of the Firepower system, including the CPU, memory, and disk usage, as well as the network connectivity.

 

You can always run a packet capture that will show you if the email is being sent out or not and isolate the issue.

 

If the issue persists, consider opening a support case with Cisco TAC for further investigation and troubleshooting.

 

 

-----------------------------------------
If you find my reply solved your question or issue, kindly click the 'Accept as Solution' button and vote it as helpful.

You can also learn more about Secure Firewall (formerly known as NGFW) through our live Ask the Experts (ATXs) session. Check out Cisco Network Security ATXs Resources [https://community.cisco.com/t5/security-knowledge-base/cisco-network-security-ask-the-experts-resources/ta-p/4416493] to view the latest schedule for upcoming sessions, as well as the useful references, e.g. online guides, FAQs.
-----------------------------------------

 

 

 

Regards,
Divya Jain

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card