How do I add / modify the Alerts that are emailed from the Cisco Web Security Appliance?
Cisco Web Security Appliance (WSA), all versions of AsyncOS.
The Cisco Web Security Appliance (WSA) has many different email alerts that are sent out. You can modify which alerts are sent out as well as to which email addresses. This can be done via the CLI or the GUI. Please see the instructions below:
Go to 'System Administration' tab -> 'Alerts':
To modify the alerts on an already configured email address, please click the email address you wish to modify.
To add a new email address to receive the alerts, please click the 'Add Recipient...' button.
Initial number of seconds to wait before sending a duplicate alert: 300 Maximum number of seconds to wait before sending a duplicate alert: 3600
Alerts will be sent using the system-default From Address.
Choose the operation you want to perform: - NEW - Add a new email address to send alerts. - EDIT - Modify alert subscription for an email address. - DELETE - Remove an email address. - CLEAR - Remove all email addresses (disable alerts). - SETUP - Configure alert settings. - FROM - Configure the From Address of alert emails. > new
Choose the Alert Classes. Separate multiple choices with commas. 1. All 2. System 3. Hardware 4. Updater 5. Web Proxy 6. DVS and Anti-Malware 7. L4 Traffic Monitor > 2,4,7
Select a Severity Level. Separate multiple choices with commas. 1. All 2. Critical 3. Warning 4. Information > 1
Multiple Alert Classes and Severity Levels can be chosen by separating the corresponding numbers with a comma.
In the previous example (2,4,7), the Alerts to be sent are 'System', 'Updater', and 'L4 traffic monitor'.
You may not want all the selected Alert Classes to have the same Severity Level. If this is the case, you will have to choose the 'Edit' option after specifying the Severity Level and specify each Severity Level per Alert Class.