Cisco Firepower Management Center 4000

FireSIGHT System User Guide
 
Chapter 39: Configuring Correlation Policies and Rules
Creating Rules for Correlation Policies
Providing Basic Rule Information
License: Any
You must give each correlation rule a name and, optionally, a short description. You can also place the 
rule in a rule group.
To provide basic rule information:
Access: Admin/Discovery Admin
Step 1  Select Policies > Correlation, then select the Rule Management tab.
The Rule Management page appears.
Step 2  Click Create Rule.
The Create Rule page appears.
Step 3  On the Create Rule page, in the Rule Name field, type a name for the rule.
Step 4  In the Rule Description field, type a description for the rule.
Step 5  Optionally, select a group for the rule from the Rule Group drop-down list.
For more information on rule groups, see 
Step 6  Continue with the procedure in the next section,
Specifying Correlation Rule Trigger Criteria
License: FireSIGHT, Protection, URL Filtering, or Malware
Supported Devices: feature dependent
Supported Defense Centers: feature dependent
A simple correlation rule requires only that an event of a certain type occurs; you do not need to provide 
more specific conditions. For example, correlation rules based on traffic profile changes do not require 
any conditions at all. In contrast, correlation rules may be complex, with multiple nested conditions. For 
example, the rule shown in the following graphic comprises criteria that direct the rule to trigger if an 
IP address that is not in the 10.x.x.x subnet transmits an IGMP message.
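The IGMP rule described above, sketched as an added example (not Cisco's code and not the FireSIGHT rule format): a small evaluator for nested conditions, run over constructed events. The field names src_ip and ip_protocol, the operator names, and the choice that a missing or unparsable field never satisfies a condition are assumptions.

```python
# Added illustration: a generic model of nested correlation-rule conditions.
# Not the FireSIGHT rule format; field and operator names are assumptions.
import ipaddress

IGMP = 2  # IANA-assigned IP protocol number for IGMP


def matches(cond, event):
    """Recursively evaluate a nested condition tree against one event."""
    op = cond["op"]
    if op == "and":
        return all(matches(c, event) for c in cond["of"])
    if op == "or":
        return any(matches(c, event) for c in cond["of"])
    value = event.get(cond["field"])
    if value is None:
        return False  # assumption: a missing field never satisfies a leaf
    if op == "is":
        return value == cond["value"]
    if op in ("in_subnet", "not_in_subnet"):
        try:
            inside = ipaddress.ip_address(value) in ipaddress.ip_network(cond["value"])
        except ValueError:
            return False  # assumption: an unparsable address never matches
        return inside if op == "in_subnet" else not inside
    raise ValueError(f"unknown operator: {op}")


# The rule from the text: source not in the 10.x.x.x subnet AND protocol is IGMP.
RULE = {"op": "and", "of": [
    {"op": "not_in_subnet", "field": "src_ip", "value": "10.0.0.0/8"},
    {"op": "is", "field": "ip_protocol", "value": IGMP},
]}

EVENTS = [  # constructed sample events
    {"src_ip": "192.168.4.20", "ip_protocol": 2},  # outside 10/8, IGMP
    {"src_ip": "10.1.2.3", "ip_protocol": 2},      # inside 10/8, IGMP
    {"src_ip": "172.16.0.9", "ip_protocol": 6},    # outside 10/8, TCP
    {"ip_protocol": 2},                            # no source address
]


def triggered(rule, events):
    return [e for e in events if matches(rule, e)]


if __name__ == "__main__":
    for event in triggered(RULE, EVENTS):
        print("rule triggered by", event)
```

Only the first constructed event satisfies both conditions; wrapping RULE in an "or" node shows how nesting widens the match.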
To specify correlation rule trigger criteria:
Access: Admin/Discovery Admin