Intrusion email alert options
Configure these intrusion email alert options to manage how your system sends email notifications when intrusion events occur.
On/Off
Enable or disable intrusion email alerts.
Note: When you enable this option, alerts are sent for all rules. Select individual rules to limit alerting.
From/To addresses
Specify the email sender and one or more recipients. Use commas to separate multiple recipients.
Max alerts and frequency
Set the maximum number of email alerts (Max Alerts) that the Cloud-Delivered Firewall Management Center will send per time interval (Frequency).
Coalesce alerts
Group alerts that have the same source IP and rule ID to reduce the number of emails sent.
Summary output
Enable brief alerts suitable for text-limited devices. Brief alerts contain:
- Timestamp
- Protocol
- Source and destination IPs and ports
- Message
- The number of intrusion events generated against the same source IP
Example: 2011-05-18 10:35:10 10.1.1.100 icmp 10.10.10.1:8 -> 10.2.1.3:0 snort_decoder: Unknown Datagram decoding problem! (116:108)
If you enable Summary Output, also consider enabling Coalesce Alerts. You may also want to lower Max Alerts to avoid exceeding text-message limits.
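For anyone consuming these brief alerts downstream (a mailbox filter or ticketing hook), the following added example, which is not Cisco's code, parses lines shaped like the example above and groups them by source IP and rule ID the way Coalesce Alerts is described. Assumptions: the field layout is inferred from that single example line, the unlabeled second address is kept as-is, the trailing `(116:108)` pair is treated as the rule identifier, addresses are IPv4, and all function names are hypothetical.

```python
import re
from collections import defaultdict

# Layout inferred from the one example line on the page (an assumption, not a
# documented grammar): timestamp, an unlabeled address, protocol,
# src:port -> dst:port, message, and a trailing "(N:M)" pair. IPv4 only.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<addr>\S+) (?P<proto>\S+) "
    r"(?P<src_ip>[^\s:]+):(?P<src_port>\d+) -> "
    r"(?P<dst_ip>[^\s:]+):(?P<dst_port>\d+) "
    r"(?P<msg>.*) \((?P<gid>\d+):(?P<sid>\d+)\)$"
)

def parse_summary(line):
    """Return the fields of one brief alert line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def coalesce(lines):
    """Group parsed alerts by (source IP, rule ID); return (groups, unparsed)."""
    groups = defaultdict(list)
    unparsed = []
    for line in lines:
        rec = parse_summary(line)
        if rec is None:
            unparsed.append(line)  # keep malformed lines visible, never drop them
            continue
        rule_id = f"{rec['gid']}:{rec['sid']}"  # assumed to identify the rule
        groups[(rec["src_ip"], rule_id)].append(rec)
    return dict(groups), unparsed

# Constructed sample: the first line is the page's example, the rest are made up.
SAMPLE = [
    "2011-05-18 10:35:10 10.1.1.100 icmp 10.10.10.1:8 -> 10.2.1.3:0 snort_decoder: Unknown Datagram decoding problem! (116:108)",
    "2011-05-18 10:35:12 10.1.1.100 icmp 10.10.10.1:8 -> 10.2.1.4:0 snort_decoder: Unknown Datagram decoding problem! (116:108)",
    "2011-05-18 10:35:15 10.1.1.100 icmp 10.10.10.2:8 -> 10.2.1.3:0 snort_decoder: Unknown Datagram decoding problem! (116:108)",
    "truncated alert text",
]

if __name__ == "__main__":
    groups, unparsed = coalesce(SAMPLE)
    for (src, rule), recs in sorted(groups.items()):
        print(f"{src} rule {rule}: {len(recs)} alert(s), first at {recs[0]['ts']}")
    print(f"unparsed lines: {len(unparsed)}")
```

Lines that do not match are returned separately so that a truncated text message is reviewed rather than silently discarded.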
Time zone
The time zone for alert timestamps.
Email alerting on specific rules configuration
Choose the rules whose events should trigger email alerts.