Configure SNMP alerting for intrusion events

Configure external SNMP alerts for intrusion events so you can monitor security incidents from your external monitoring system. Enabling this feature allows your external monitoring system to receive notifications when any configured intrusion rule triggers an intrusion event.

The managed device sends alerts when specific intrusion events occur.

Note
  • External alerting for intrusion events using SNMP at the intrusion policy or intrusion rule level is supported on Firewall Threat Defense devices running the Snort 2 inspection engine. On devices using Snort 3, the SNMP trap destination is inherited from the logging settings in the access control policy.

Procedure


Step 1

Choose Policies > Security policies > Intrusion and click Snort 2 Version.

Step 2

In the intrusion policy editor's navigation pane, click Advanced Settings.

Step 3

Enable SNMP Alerting, then click Edit next to SNMP Alerting.

A message appears at the bottom of the page, identifying the intrusion policy layer that contains the configuration.

Step 4

Choose the Trap Type.

Step 5

Choose an SNMP Version, then specify configuration options as described in Intrusion SNMP alert configuration options.

Step 6

In the navigation pane, click Rules.

Step 7

Choose the rules for which you want to enable SNMP alerts. Then, from the Alerting drop-down list, choose Add SNMP Alert.

Step 8

To save changes you made in this policy since the last policy commit, choose Policy Information, then click Commit Changes.

If you leave the policy editor without committing, unsaved changes are discarded when you edit a different policy.

What to do next

  • Deploy configuration changes.
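
After deployment, one way to confirm on the monitoring host that alerts arrive and carry the SNMP version chosen in Step 5. This is an added example, not part of the original procedure or the vendor's tooling; the function names and the sample datagram are constructed for illustration, and it assumes Python 3 and the standard SNMP trap port, UDP 162.

```python
import socket

VERSIONS = {0: "v1", 1: "v2c", 3: "v3"}
PDU_NAMES = {0xA4: "SNMPv1 Trap", 0xA6: "InformRequest", 0xA7: "SNMPv2 Trap"}
# Constructed sample: v2c trap header, community "example", empty varbind list.
SAMPLE_V2C_TRAP = bytes.fromhex("30190201010407" "6578616d706c65" "a70b0201010201000201003000")

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported BER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated BER value")
    return tag, buf[pos:pos + length], pos + length

def describe_trap(datagram):
    """Summarise the SNMP message header: version, community, PDU type."""
    tag, msg, _ = read_tlv(datagram, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message: outer SEQUENCE missing")
    tag, ver, pos = read_tlv(msg, 0)
    if tag != 0x02:
        raise ValueError("not an SNMP message: version INTEGER missing")
    info = {"version": VERSIONS.get(int.from_bytes(ver, "big"), "unknown"), "community": None, "pdu": None}
    if info["version"] in ("v1", "v2c"):  # community-based: string is sent in cleartext
        tag, community, pos = read_tlv(msg, pos)
        if tag != 0x04:
            raise ValueError("community OCTET STRING missing")
        info["community"] = community.decode("ascii", "replace")
        if pos < len(msg):
            info["pdu"] = PDU_NAMES.get(msg[pos], hex(msg[pos]))
    return info

def listen(port=162, count=5):
    """Summarise the next `count` datagrams; binding port 162 needs privileges."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind(("0.0.0.0", port))
        for _ in range(count):
            data, peer = s.recvfrom(65535)
            try:
                print(peer[0], describe_trap(data))
            except ValueError as exc:
                print(peer[0], "unparseable:", exc)
```

Call `listen()` on the trap destination and trigger one of the rules selected in Step 7. A v1 or v2c summary shows the community string exactly as any on-path observer would see it, while a v3 message reports no community.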