Trigger email alert for file/malware detection

ryan14
Level 1

How do I configure an email alert message for something logged in the Firepower Management Center?

Accepted Solution

InTheJuniverse
Level 1

If you intend to be alerted if malware is detected in the network, then you'd achieve that through correlation:

https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide-v60/Correlation_Policies.html


6 Replies

InTheJuniverse
Level 1

Please clarify, the subject of this question and the body seem to be talking about two different requests.

Thanks for the reply. I basically want to be alerted if the file access policy detects a bad file and blocks it. The "action" tab is misleading in the rules of the policy itself. What is the difference between block files and block malware? I just want to know if the policy did find something and blocked a file, whether it is malware or blocked for other reasons, without manually going to the dashboard.

Hi. From FMC 6.3 you can send a syslog message for file and malware events. You could then configure your syslog server to send an email alert based on the syslog message it received.

Blocking a file would block all defined files (e.g. *.pdf) regardless of whether the file was malware or not; it does not query the AMP cloud. Whereas block malware would obviously block a file if it was determined to be malicious.

HTH
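One way to do the second half of what the reply above describes (turning a file/malware syslog event into an e-mail) is a small filter on the syslog server. The script below is an added example, not Cisco's code or anything from this thread. The syslog line layout it parses is a constructed placeholder (key=value pairs after a `FileEvent:`/`MalwareEvent:` tag): the real field names and order come from your FMC version's file and malware event syslog format, so adjust `EVENT_RE`, `PAIR_RE` and `BLOCKING_ACTIONS` to match. It alerts on both kinds of block the reply distinguishes, a file-type block and an AMP malware block, and labels which one fired.

```python
"""Turn Firepower file/malware syslog events into e-mail alerts.

Added example, not Cisco's code. The line layout below is a constructed
placeholder; adapt the regexes and field names to the exact format your
FMC emits (see the FMC guide for file and malware event syslog).
"""
import re
from email.message import EmailMessage

# Constructed sample syslog lines (not real FMC output). The SHA256 values
# are placeholders, not hashes of any real file.
SAMPLE_LINES = [
    "<134>Jan 14 10:22:01 fmc-1 FMC: FileEvent: Action=Malware Block, "
    "Disposition=Malware, FileName=invoice.pdf, SHA256=sha256-placeholder-1, "
    "SrcIP=10.0.0.5, DstIP=203.0.113.8",
    "<134>Jan 14 10:23:17 fmc-1 FMC: FileEvent: Action=Block, "
    "Disposition=Unavailable, FileName=report.pdf, FileType=PDF, "
    "SrcIP=10.0.0.9, DstIP=203.0.113.20",
    "<134>Jan 14 10:24:05 fmc-1 FMC: FileEvent: Action=Detect, "
    "Disposition=Clean, FileName=notes.pdf, SrcIP=10.0.0.12, DstIP=203.0.113.21",
    "<134>Jan 14 10:25:40 fmc-1 FMC: ConnectionEvent: Action=Allow, "
    "SrcIP=10.0.0.12, DstIP=203.0.113.21",
]

# Only file/malware events are of interest; connection events are skipped.
EVENT_RE = re.compile(r"\bFMC:\s+(?P<type>FileEvent|MalwareEvent):\s+(?P<body>.*)$")
# key=value pairs separated by commas (assumed layout).
PAIR_RE = re.compile(r"(\w+)=([^,]+)")

# Actions that mean FMC blocked the file: a file-type rule ("Block") or an
# AMP cloud verdict ("Malware Block"). Assumed names; match your format.
BLOCKING_ACTIONS = {"Block", "Malware Block"}


def parse_event(line):
    """Return a dict of fields for a file/malware event line, else None."""
    m = EVENT_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip() for k, v in PAIR_RE.findall(m.group("body"))}
    fields["EventType"] = m.group("type")
    return fields


def should_alert(event):
    """Alert on any blocked file, whether blocked as malware or by file type."""
    return event.get("Action") in BLOCKING_ACTIONS


def build_alert(event, sender, recipient):
    """Build (but do not send) an e-mail describing the blocked file."""
    msg = EmailMessage()
    reason = "malware" if event.get("Disposition") == "Malware" else "file policy"
    msg["Subject"] = f"[FMC] {event.get('Action')}: {event.get('FileName', '?')} ({reason})"
    msg["From"] = sender
    msg["To"] = recipient
    msg.set_content("\n".join(f"{k}: {v}" for k, v in sorted(event.items())))
    return msg


def process(lines, sender="fmc-alerts@example.invalid", recipient="soc@example.invalid"):
    """Filter syslog lines and return one EmailMessage per blocked file."""
    alerts = []
    for line in lines:
        event = parse_event(line)
        if event and should_alert(event):
            alerts.append(build_alert(event, sender, recipient))
    return alerts


if __name__ == "__main__":
    for alert in process(SAMPLE_LINES):
        print(alert["Subject"])
        # Delivery is left out; e.g. smtplib.SMTP(host).send_message(alert)
```

On a real syslog server this would run over the lines the FMC sends (for example from a log file the server writes), with `process()` hooked to `smtplib` for delivery; the "Detect"-only event and the connection event are deliberately left alone so the mailbox only sees blocks.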

That makes sense, appreciate the feedback.

ryan14
Level 1

Thanks for leading me in the right direction. I have created a correlation rule and configured an alert via Policies -> Actions -> Alerts, then Advanced Malware Protection alerts, and it worked. Thank you.
