02-06-2023 01:47 AM
Hello,
We are running FMC 7.2 and on the summary dashboard on the Threats TAB, there is a list called "Indication of Compromise by Host" where we can see hosts that have downloaded malware and are CnC connected. It looks like this:
We would like to get an email or/and a SNMP alert whenever this happens, but I cannot find where I can configure this.
I've looked under Policies->Actions->Alerts->Advanced Malware Protection Alerts, but I am not sure these are exactly the same alerts?
Thanks
/Chess
02-09-2023 12:21 AM - edited 02-09-2023 12:33 AM
Did some more investigation into this and the IoC events we see in the Threat TAB in the dashboard come from the Analysis->Hosts->Indications of Compromise page. Is it possible to get email alerts for those events?
Thanks
/Chess
02-09-2023 01:13 AM - edited 02-09-2023 01:17 AM
You could look into Monitor Alerts, there you can create alerts for Security intelligence on the FMC.
Another option, and perhaps a better option, is to integrate your FMC with SecureX, there you should be able to create playbooks based on events and those events trigger actions like sending an email.
https://blogs.cisco.com/security/automate-your-way-to-success-with-cisco-securex
02-09-2023 05:03 AM - edited 02-09-2023 05:17 AM
Thanks Marius. I will have a look at that.
Edit. Is this the correct one? This was the only one I found related to Security Intelligence, but it seems more like an update alert?
Best regards
/Chess