Cisco IPS 4200 Series Sensors

IPS 6.X and later: Email Notifications using IME Configuration Example

Document ID: 111659

Updated: Feb 05, 2010

Introduction

This document explains how to configure the Cisco IPS Manager Express (IME) to send email notification messages (alerts) when Event Rules are triggered by Cisco Intrusion Prevention System (IPS) Sensors.

Prerequisites

Requirements

There are no specific prerequisites for this document.

Components Used

The information in this document is based on these software and hardware versions:

  • Cisco 4200 Series IPS Device that runs software version 6.0 and later

  • Cisco IPS Manager Express (IME) version 6.1.1 and later

    Note: While IME can be used to monitor sensor devices that run Cisco IPS 5.0 and later, some of the new features and functionality delivered in IME are only supported on sensors that run Cisco IPS 6.1 or later.

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Related Products

This configuration can also be used with these sensors:

  • IPS-4240

  • IPS-4255

  • IPS-4260

  • IPS-4270-20

  • AIP-SSM

Conventions

Refer to the Cisco Technical Tips Conventions for more information on document conventions.

Background Information

The Cisco Intrusion Prevention System (IPS) does not have the ability to send e-mail alerts on its own. Cisco IPS Manager Express (IME) has the ability to send e-mail notifications when an Event Rule is triggered. The variables that can be used within the e-mail notification for each event include the Signature ID, the source and destination of the alert, and many more.

Configure

This section presents the information to configure email notification with the Cisco IPS Manager Express.

Email Notification Configuration in IME

Complete these steps in order to configure Email notifications using Cisco IPS Manager Express:

  1. Choose Tools > Preferences as shown in the screen shot.

    ips-email-ime-config-01.gif

  2. In the Preferences window that opens, choose the Notification tab. Make sure that the check box next to Enable email/epage notifications is checked; this is required for the IME to send email notifications. Provide the required information in the Mail Server, From Address, and Recipient Address(es) fields as shown in the screen shot. In this example, the Mail Server used is test.com, the From email Address used is abc@xyz.com and the Recipient email Address is admin@mycompany.com.

    ips-email-ime-config-02.gif

  3. Check one of the boxes next to High, Medium, Low, or Informational level alerts in order to choose the level for which alerts are to be sent. Also check the boxes next to the required field names in order to choose the fields to be present in the notification mail. In this example, the fields chosen are Sub Sig ID and Sig Name. Then check the boxes next to send summarized notifications and send detailed notifications as shown in order to choose the Notification Type. Then click Apply.

    ips-email-ime-config-03.gif

  4. Click OK, and then click the send a Test Mail button in order to check whether the IME is able to send an email alert according to the configuration. If the configured recipients receive the email, the configuration works.

    ips-email-ime-config-04.gif

    This completes the email notification configuration procedure.

Troubleshoot

There is currently no specific troubleshooting information available for this configuration.
