Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
447
Views
5
Helpful
3
Replies

Possible to send IoC events from FMC to SNMP/Email?

Chess Norris
Level 4
Level 4

‎02-06-2023 01:47 AM

Hello,

We are running FMC 7.2 and on the summery dashboard on the Threats TAB, there is a list called  "Indication of Compromise by Host" where we can see hosts that have downloaded malware and are CnC connected. It looks like this:

1.jpg

We would like to get an email or/and a SNMP alert whenever this happens, but I cannot find where I can configure this. 

I've looked under Policys->Actions->Alerts->Advanced Malware Protection Alerts, but I am not sure this is exactly the same alerts? 

Thanks

/Chess

0 Helpful
3 Replies 3

Chess Norris
Level 4
Level 4

‎02-09-2023 12:21 AM - edited ‎02-09-2023 12:33 AM

Did some more invistagation into this and the IoC events we see in the Threat TAB in the dashboard comes from the Analysis->Hosts->Indications of Compromise page.  Is it possible to get emaill alerts for those events?

2.JPG

Thanks

/Chess

0 Helpful

Marius Gunnerud
VIP
VIP

‎02-09-2023 01:13 AM - edited ‎02-09-2023 01:17 AM

You could look into Monitor Alerts, there you can create alerts for Security intelligence on the FMC.

Another option, and perhaps a better option, is to integrate your FMC with SecureX, there you should be able to create playbooks based on events and those events trigger actions like sending an email.

https://www.cisco.com/c/en/us/td/docs/security/firepower/integrations/SecureX/secure_firewall_management_center_and_securex_integration_guide/introduction_about_the_integration.html

https://blogs.cisco.com/security/automate-your-way-to-success-with-cisco-securex

 

--
Please remember to select a correct answer and rate helpful posts

Chess Norris
Level 4
Level 4
In response to Marius Gunnerud

‎02-09-2023 05:03 AM - edited ‎02-09-2023 05:17 AM

Thanks Marius. I will have a look at that.

Edit. Is this the correct one? This was the only one I found related to Security Intelligence, but it seems more like an update alert?

3.JPG

Best regards

/Chess

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card