Vulnerability ProtectionDeep Security Manager can send emails to specific Users when selected Alerts are triggered. To enable the email system, you must give Vulnerability ProtectionDeep Security Manager access to an SMTP mail server. You must configure your SMTP settings and select which Alerts will trigger emails to which Users.
The SMTP configuration panel can be found in Administration > System Settings > SMTP.
Type the address of your SMTP mail (with the port if required). Enter a "From" email address from which the emails should be sent. Optionally type a "bounce" address to which delivery failure notifications should be sent if the Alert emails can't be delivered to one or more Users. If your SMTP mail server requires outgoing authentication, type the username and password credentials. Once you've entered the necessary information, use the Test SMTP Settings to test the settings.
There are over 30 conditions that trigger Alerts and you may not want all of them to trigger the sending of an email. To configure which Alerts trigger the sending of an email, go to Administration > System Settings > Alerts. Click View Alert Configuration to display the list of all Alerts. The checkmark next to the Alert indicates whether the Alert is "On" or not. If it is on, it means the Alert will be triggered if the corresponding situation arises, but it does not mean an email will be sent out. Double-click an Alert to view its Alert Configuration window.
To have an Alert trigger an email, it must be turned "On" and at least one of the "Send Email" checkboxes must be selected.
Finally, you have to set which Users receive Alert emails. Go to Administration > User management > Users. Double-click a User and select the Contact Information tab.
Select the "Receive Email Alerts" checkbox to have this User receive emailed notifications of Alerts.
Both the Agents/Appliances and the Manager can be instructed to forward Events to a SIEM system. The Agent/Appliance will send protection module-related security Event information and the Manager will send System Information.
System Events can be forwarded from the Manager via Syslog or SNMP. To configure the System Event Syslog or SNMP settings, go to the Administration> System Settings > SIEM or Administration> System Settings > SNMP tabs in the Vulnerability ProtectionDeep Security Manager.
Protection module security Events can be forwarded from the Agents/Appliances via Syslog. To configure the Protection module security Events Syslog settings, go to the Policy/Computer Editor > Settings > SIEM tab.
For information on configuring Syslog, see Syslog Integration (SIEM).