Cisco Cisco Firepower Management Center 4000
22-4
FireSIGHT System User Guide
Chapter 22 Using Advanced Settings in an Intrusion Policy
Modifying Advanced Settings
Performance Settings
The system provides server settings for improving system performance.
External Responses
In addition to the various views of intrusion events within the web interface, you can enable logging to
syslog facilities or send event data to an SNMP trap server. You can specify intrusion event notification
limits, set up intrusion event notification to external logging facilities, and configure external responses
to intrusion events.
syslog facilities or send event data to an SNMP trap server. You can specify intrusion event notification
limits, set up intrusion event notification to external logging facilities, and configure external responses
to intrusion events.
To modify advanced settings:
Access:
Admin/Intrusion Admin
Step 1
Select
Policies > Intrusion > Intrusion Policy.
The Intrusion Policy page appears.
Step 2
Click the edit icon (
) next to the policy you want to edit.
If you have unsaved changes in another policy, click
OK
to discard those changes and continue. See
for information on saving unsaved changes in another
policy.
The Policy Information page appears.
Step 3
To select the advanced setting you want to modify, click
Advanced Settings
in the navigation panel on the
left, enable the configuration if it is disabled, then click
Edit
.
The configuration page appears. You can modify any of the configuration options for the advanced
setting you selected.
setting you selected.
Table 22-6
Intrusion Rule Threshold Settings
For information on...
See...
Global Rule Thresholding
Table 22-7
Performance Settings
For information on...
See...
Event Queue Configuration
Latency-Based Packet Handling
Latency-Based Rule Handling
Performance Statistics Configuration
Regular Expression Limits
Rule Processing Configuration
Table 22-8
External Response Settings
For information on...
See...
SNMP Alerting
Syslog Alerting