Cisco FirePOWER Appliance 7115
Version 5.3
Sourcefire 3D System User Guide
Configuring Intrusion Policies
Planning and Implementing an Intrusion Policy
Chapter 19
See the following sections for more information:
• on page 715 describes, at a high level, the process you use to create an intrusion policy.
• on page 717 explains how to view a listing of your intrusion policies, and create and edit policies.
• on page 735 explains how to set whether your policy drops offending packets for rules set to Drop and Generate Events in an inline deployment.
• on page 737 explains how to replace your base policy with a different default intrusion policy provided by Sourcefire or a custom base policy that you create.
• on page 744 explains how you can enable and disable rules and configure other rule attributes such as thresholds, suppression, and so on.
• on page 791 explains how you can generate rule state recommendations for intrusion rules based on the hosts and applications on your network.
• on page 799 explains how you can enable, disable, and configure preprocessors and other advanced detection and performance features.
• on page 818 explains how you can use intrusion policy layers to more efficiently manage multiple intrusion policies in a complex network environment.
• on page 196 explains how you can use the variables in variable sets to tailor intrusion rules you enable in your policies and other intrusion policy features to match the traffic on your network.
Planning and Implementing an Intrusion Policy
LICENSE: Protection
Building custom intrusion policies can improve the performance of the system in
your environment and can provide a focused view of the malicious traffic and
policy violations occurring on your network.
Traffic profiles and characteristics may change either by design or as the result
of malicious action. Sourcefire recommends building a customized intrusion
policy to ensure successful monitoring under a wide range of traffic conditions.