Cisco Community
English
Register
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
135
Views
4
Helpful
1
Replies
Highlighted
joseph.hamilton
Beginner
Beginner
‎06-04-2007 06:08 AM
‎06-04-2007 06:08 AM

Alerting in CSA 5.0

This isn't so much a technical question, but more a stylistic one...

Our Network group wants to set up paging in our CSA deployment, but obviously doesn't want pages for every little Alert that comes up.

Does anyone have any examples of alerts they set up in their CSA deployment? Just wanted to get an idea what rules to focus on that would indicate a network attack or trouble...

Labels:
0 Helpful
Reply
1 REPLY 1
Highlighted
tsteger1
Collaborator
Collaborator
‎06-04-2007 09:05 AM
‎06-04-2007 09:05 AM

We use an email account in a similar way with seven categories of alerts:

Application and COM invocation email alert rule.

Critical events (agent or MC problems)

Malware related event email alert rule

Portscan event email alert rule

Significant Network Event email alert rule

WSUS failures (goes to Service Desk to fix)

Suspend Agent event email alert rule

The thresholds and events are defined in the event sets and we filter false positives using email rules. You could probably do the same for Global Event correlation and portscans and use a pager.

The challenge is making it only notify you if you need to be notified so you don't start to ignore it.

Tom

Reply
Latest Contents
ISE Performance & Scale
Created by howon on 02-24-2021 08:26 PM
11
214
11
214
  ISE Node TerminologyISE DeploymentsISE Deployment Scale and LimitsMaximum Network Latency Between NodesISE Hardware PlatformsISE PSN PerformanceISE TACACS+ PerformanceISE 2.6 RADIUS PerformanceISE 2.4 RADIUS PerformanceISE 2.3 RADIUS PerformanceIS... view more
Detecting and Responding to the SolarWinds Infrastructure At...
Created by aligarci on 02-23-2021 08:19 AM
0
5
0
5
On December 8, FireEye reported that it had been compromised in a sophisticated supply chain attack: more specifically through the SolarWinds Orion IT monitoring and management software. The attackers leveraged business software updates in order to distr... view more
Arista CloudVision WiFi Dictionary and NAD Profile for ISE I...
Created by hslai on 02-21-2021 01:59 PM
0
10
0
10
Attached are the dictionary and NAD profile as described in Arista CloudVision WiFi Integration with Cisco ISE .
Cisco Secure Endpoint Free Trial Guide
Created by E.L. Howard on 02-15-2021 07:36 PM
0
0
0
0
ISE Node TerminologyISE DeploymentsISE Deployment Scale and LimitsISE Hardware PlatformsISE PSN PerformanceISE TrustSec ScalingISE Storage RequirementsISE ERS ScaleISE WAN Bandwidth CalculatorSources   About this Document Cisco Secure Endpoint (for... view more
Firepower 6.7 Release Demonstration - Health Monitoring
Created by Namit Agarwal on 02-08-2021 11:42 AM
0
0
0
0
  In this video, Namit reviews Health Monitoring improvements and introduces the new Unified Health Monitoring dashboard on the FMC. 
Content for Community-Ad