The Cisco ASA must be configured to send an alert to organization-defined personnel and/or the firewall administrator when malicious code is detected.
An XCCDF Rule
Description
Without an alert, security personnel may be unaware of an impending failure of the audit capability, and the ability to perform forensic analysis and detect rate-based and other anomalies will be impeded. The IDPS generates an immediate (within seconds) alert which notifies designated personnel of the incident. Sending a message to an unattended log or console does not meet this requirement since that will not be seen immediately. These messages should include a severity level indicator or code as an indicator of the criticality of the incident. The ISSM or ISSO may designate the firewall administrator and/or other authorized personnel to receive the alert within the specified time, validate the alert, and then forward only validated alerts to the ISSM and ISSO.
- ID
- SV-239888r665977_rule
- Version
- CASA-IP-000280
- Severity
- Medium
- References
- Updated
Remediation Templates
A Manual Procedure
Configure email server and email addresses to send alerts to organization-defined personnel and/or the firewall administrator.
Step 1: Navigate to Policies >> Actions >> Alerts.
Step 2: From the Create Alert drop-down menu, choose Create Email Alert.