Intrusion Email Alert Options

On/Off

Enables or disables intrusion email alerts.

Note

Enabling this option turns on alerting for all rules unless individual rules are selected.

From/To Addresses

The email sender and recipients. You can specify a comma-separated list of recipients.

Max Alerts and Frequency

The maximum number of email alerts (Max Alerts) that the Secure Firewall Management Center will send per time interval (Frequency).

Coalesce Alerts

Reduces the number of alerts sent by grouping alerts that have the same source IP and rule ID.

Summary Output

Enables brief alerts, suitable for text-limited devices. Brief alerts contain:

  • Timestamp

  • Protocol

  • Source and destination IPs and ports

  • Message

  • The number of intrusion events generated against the same source IP

For example: 2011-05-18 10:35:10 10.1.1.100 icmp 10.10.10.1:8 -> 10.2.1.3:0 snort_decoder: Unknown Datagram decoding problem! (116:108)

If you enable Summary Output, also consider enabling Coalesce Alerts. You may also want to lower Max Alerts to avoid exceeding text-message limits.

Time Zone

The time zone for alert timestamps.

Email Alerting on Specific Rules Configuration

Lets you choose the rules for which you want email alerts.
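
The following receiving-side sketch is an added example, not code from the product or its documentation. It parses Summary Output lines and estimates how many emails one Frequency interval produces with and without Coalesce Alerts under a given Max Alerts value. Assumptions: the field layout is inferred from the single sample line above (its third field is not labeled on this page, and the trailing pair in parentheses is treated as the rule ID), every sample line after the first is constructed, and the cap is modeled as a simple count per interval.

```python
import re

# Layout inferred from the page's single sample line (an assumption, not a
# documented grammar): timestamp, an unlabeled address, protocol,
# src:port -> dst:port, message, and a trailing "(N:N)" taken as the rule ID.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<addr>\S+) (?P<proto>\S+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<msg>.+) \((?P<rule>\d+:\d+)\)$"
)

# First line is the page's example; the rest are constructed for illustration.
SAMPLE = [
    "2011-05-18 10:35:10 10.1.1.100 icmp 10.10.10.1:8 -> 10.2.1.3:0 snort_decoder: Unknown Datagram decoding problem! (116:108)",
    "2011-05-18 10:35:11 10.1.1.100 icmp 10.10.10.1:8 -> 10.2.1.4:0 snort_decoder: Unknown Datagram decoding problem! (116:108)",
    "2011-05-18 10:35:12 10.1.1.100 icmp 10.10.10.2:8 -> 10.2.1.3:0 snort_decoder: Unknown Datagram decoding problem! (116:108)",
    "2011-05-18 10:35:13 10.1.1.100 tcp 10.10.10.1:40000 -> 10.2.1.3:80 constructed rule message (1:1000001)",
    "not an alert line",
]


def parse_summary_line(line):
    """Return the fields of one brief alert as a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def coalesce(events):
    """Group events sharing source IP and rule ID, keeping first-seen order."""
    groups = {}
    for ev in events:
        g = groups.setdefault((ev["src"], ev["rule"]), {"first": ev["ts"], "count": 0})
        g["count"] += 1
    return groups


def emails_in_interval(lines, max_alerts, coalesced):
    """Model one Frequency interval: return (emails sent, emails over the cap)."""
    events = [e for e in map(parse_summary_line, lines) if e]
    pending = len(coalesce(events)) if coalesced else len(events)
    return min(pending, max_alerts), max(pending - max_alerts, 0)


if __name__ == "__main__":
    print(emails_in_interval(SAMPLE, max_alerts=3, coalesced=False))
    print(emails_in_interval(SAMPLE, max_alerts=3, coalesced=True))
```

Lines that do not match the inferred layout are skipped rather than counted, so a change in the alert format shows up as a drop in parsed events.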