Cisco Cisco Firepower Management Center 4000
20-12
FireSIGHT System User Guide
Chapter 20 Configuring Intrusion Policies
Managing Intrusion Policies
To review policy changes for compliance with your organization’s standards or to optimize system
performance, you can examine the differences between two intrusion policies. You can compare any two
intrusion policies or two revisions of the same intrusion policy, for the intrusion policies you can access.
Optionally, after you compare, you can then generate a PDF report to record the differences between the
two policies or policy revisions.
performance, you can examine the differences between two intrusion policies. You can compare any two
intrusion policies or two revisions of the same intrusion policy, for the intrusion policies you can access.
Optionally, after you compare, you can then generate a PDF report to record the differences between the
two policies or policy revisions.
There are two tools you can use to compare intrusion policies or intrusion policy revisions:
•
The comparison view displays only the differences between two intrusion policies or intrusion
policy revisions in a side-by-side format; the name of each policy or policy revision appears in the
title bar on the left and right sides of the comparison view.
policy revisions in a side-by-side format; the name of each policy or policy revision appears in the
title bar on the left and right sides of the comparison view.
You can use this to view and navigate both policy revisions on the web interface, with their
differences highlighted.
differences highlighted.
•
The comparison report creates a record of only the differences between two intrusion policies or
intrusion policy revisions in a format similar to the intrusion policy report, but in PDF format.
intrusion policy revisions in a format similar to the intrusion policy report, but in PDF format.
You can use this to save, copy, print and share your policy comparisons for further examination.
For more information on understanding and using the intrusion policy comparison tools, see:
•
•
Using the Intrusion Policy Comparison View
License:
Protection
The comparison view displays both intrusion policies or policy revisions in a side-by-side format, with
each policy or policy revision identified by name in the title bar on the left and right sides of the
comparison view. The time of last modification and the last user to modify are displayed to the right of
the policy name. Note that the Intrusion Policy page displays the time a policy was last modified in local
time, but the intrusion policy report lists the time modified in UTC. Differences between the two
intrusion policies or policy revisions are highlighted:
each policy or policy revision identified by name in the title bar on the left and right sides of the
comparison view. The time of last modification and the last user to modify are displayed to the right of
the policy name. Note that the Intrusion Policy page displays the time a policy was last modified in local
time, but the intrusion policy report lists the time modified in UTC. Differences between the two
intrusion policies or policy revisions are highlighted:
•
Blue indicates that the highlighted setting is different in the two policies or policy revisions, and the
difference is noted in red text.
difference is noted in red text.
•
Green indicates that the highlighted setting appears in one policy or policy revision but not the other.
You can perform any of the actions described in the following table.
Table 20-4
Intrusion Policy Comparison View Actions
To...
You can...
navigate individually through
changes
changes
click
Previous
or
Next
above the title bar.
The double-arrow icon (
) centered between the left and right
sides moves, and the
Difference
number adjusts to identify which
difference you are viewing.
determine which layer contains the
configuration for a specific advanced
setting
configuration for a specific advanced
setting
hover over the advanced configuration icon (
) next to the
configuration you want to view.
The window displays the name of the layer that contains the
advanced configuration. See
advanced configuration. See
for more information.