07-06-2021 07:08 PM
Running FMC 7.0.0-64, I have email notifications (Policies / Actions / Alerts / Intrusion Email) turned on for intrusion policies (Snort 3, if that makes any difference), and there are only a few of those notifications that are enabled (as set on Email Alerting per Rule Configuration). Yet, emails are also delivered for the unchecked notifications.
I have followed the support configuration (https://www.cisco.com/c/en/us/td/docs/security/firepower/70/configuration/guide/fpmc-config-guide-v70/external_alerting_for_intrusion_events.html#ID-2212-00000254).
Since I do want these SIDs taking action, but I need only a handful of the email notifications rather than all of them, am I missing the correct configuration or is this just another FMC bug?
07-07-2021 07:28 AM
Well, seems there are multiple sources and configurations for notifications on FMC - and I failed to identify this. The notifications I'm receiving were set by the Policies / Actions / Alerts section, which are then sent whenever matched from the policies themselves. Therefore, by disabling the email alerts from the Alerts section, and enabling only those SIDs I want from the Intrusion Email configuration page, FMC can email me only what I'm after.