Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Configuring Sourcefire Intrusion Sensor

To configure your Sourcefire Intrusion Sensor, you must enable policy alerts and configure your appliance to forward the event to JSA.

  1. Log in to your Sourcefire user interface.
  2. On the navigation menu, select Intrusion Sensor > Detection Policy > Edit.
  3. Select an active policy and click Edit.
  4. Click Alerting.
  5. In the State field, select on to enable the syslog alert for your policy.
  6. From the Facility list, select Alert.
  7. From the Priority list, select Alert.
  8. In the Logging Host field, type the IP address of the JSA Console or Event Collector.
  9. Click Save.
  10. On the navigation menu, select Intrusion Sensor > Detection Policy > Apply.
  11. Click Apply.

You are now ready to configure the log source in JSA.

Related Documentation