Cisco FirePOWER Appliance 7115
Version 5.3
Sourcefire 3D System User Guide
Chapter 19: Configuring Intrusion Policies
• Optionally, configure your preprocessors, enabling and disabling options
  as appropriate.
  For more information on the preprocessors provided in Sourcefire 3D
  System, as well as details on how to configure them, see
• Define your variables to accurately reflect your home and external
  networks.
  Defining variables makes rule inspection more effective and efficient by
  directing rules to inspect the traffic to and from specific IP addresses
  and ports. Defining these in the default variable set or in custom sets
  allows you to tune your policy or system without editing every rule.
  Variables can also be used when suppressing rules and configuring the
  advanced adaptive profiles feature. For details on managing variables,
  see
• Disable shared object rules and standard text rules that do not apply to
  your environment and verify that all rules that do apply to your
  environment are enabled. For inline deployments, carefully choose the
  intrusion rules that you want to drop packets rather than simply
  generate events. For more information on setting rule states, see
4. If none of the existing intrusion rules meet your needs, write new rules that
inspect for intrusion attempts.
   For information on the rule keywords you can use to construct custom
   standard text rules, and their syntax, see
5. Test your configuration.
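The effect described in the variables item above, as an added example that is not taken from the Sourcefire guide or product code: a small Python model of a rule header written against variables and resolved through two variable sets, showing that the set, not the rule, decides which traffic is inspected. The `$HOME_NET`-style variable names, the rule header, the addresses and the simplified matching logic are constructed assumptions.

```python
import ipaddress

# Constructed variable sets (names follow the Snort-style $NAME convention, assumed here).
DEFAULT_SET = {"HOME_NET": "any", "EXTERNAL_NET": "any", "HTTP_PORTS": "80,8080"}
CUSTOM_SET = {"HOME_NET": "10.1.0.0/16,192.168.5.0/24",
              "EXTERNAL_NET": "!$HOME_NET", "HTTP_PORTS": "80,8080"}

# Constructed rule header: protocol, source net/port, direction, destination net/port.
RULE = "tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS"

def resolve(token, variables, depth=0):
    """Expand a (possibly negated, possibly nested) $NAME to (negated, literal)."""
    if depth > 8:
        raise ValueError("variable reference loop")
    negated = token.startswith("!")
    body = token[1:] if negated else token
    if body.startswith("$"):
        inner_negated, body = resolve(variables[body[1:]], variables, depth + 1)
        negated ^= inner_negated  # two negations cancel out
    return negated, body

def net_matches(token, variables, ip):
    negated, body = resolve(token, variables)
    addr = ipaddress.ip_address(ip)
    hit = body == "any" or any(
        addr in ipaddress.ip_network(net.strip()) for net in body.split(","))
    return hit != negated

def port_matches(token, variables, port):
    negated, body = resolve(token, variables)
    hit = body == "any" or str(port) in [p.strip() for p in body.split(",")]
    return hit != negated

def rule_inspects(rule, variables, flow):
    """True if the rule header selects this flow under the given variable set."""
    proto, src_net, src_port, _arrow, dst_net, dst_port = rule.split()
    return (proto == flow["proto"]
            and net_matches(src_net, variables, flow["src"])
            and port_matches(src_port, variables, flow["sport"])
            and net_matches(dst_net, variables, flow["dst"])
            and port_matches(dst_port, variables, flow["dport"]))

# Constructed flows: inbound web request, internal-to-internal, traffic to an unlisted network.
INBOUND = {"proto": "tcp", "src": "203.0.113.9", "sport": 51000, "dst": "10.1.4.20", "dport": 80}
LATERAL = dict(INBOUND, src="10.1.9.9")
OFF_NET = dict(INBOUND, dst="172.16.0.5")
```

With `DEFAULT_SET` the rule header selects all three flows; with `CUSTOM_SET` the same unedited rule selects only the inbound request to the home network.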
Managing Intrusion Policies
License: Protection
On the Intrusion Policy page (Policies > Intrusion > Intrusion Policy) you can view all
your current intrusion policies by name with optional description along with the
following information:
• the time and date the policy was last modified and the user who modified it
• whether dropping packets in an inline deployment is enabled in the policy
• when a policy has unsaved changes, in italicized black text