Cisco Cisco Firepower Management Center 4000
41-4
FireSIGHT System User Guide
Chapter 41 Configuring Remediations
Creating Remediations
•
•
•
Step 4
Begin assigning Cisco IOS remediations to specific correlation policy rules.
Adding a Cisco IOS Instance
License:
FireSIGHT
After you configure Telnet access on the Cisco IOS router (refer to the documentation provided with
your Cisco router or IOS software for more information about enabling Telnet access), you can add an
instance to the Defense Center. If you have multiple routers where you want to send remediations, you
must create a separate instance for each router.
your Cisco router or IOS software for more information about enabling Telnet access), you can add an
instance to the Defense Center. If you have multiple routers where you want to send remediations, you
must create a separate instance for each router.
To add a Cisco IOS instance:
Access:
Admin/Discovery Admin
Step 1
Select
Policies > Actions > Instances
.
The Instances page appears.
Step 2
From the
Add a New Instance
list, select
Cisco IOS Null Route (v1.0)
and click
Add
.
The Edit Instance page appears.
Step 3
In the
Instance Name
field, enter a name for the instance.
The name you choose should contain no spaces or special characters and should be descriptive. For
example, if you intend to connect more than one Cisco IOS router, you will have multiple instances, so
you may want to choose a name such as
example, if you intend to connect more than one Cisco IOS router, you will have multiple instances, so
you may want to choose a name such as
IOS_01
and
IOS_02
.
Step 4
In the
Router IP
field, enter the IP address of the Cisco IOS router you want to use for the remediation.
Step 5
In the
Username
field, enter the Telnet user name for the router. This user must have level 15
administrative access on the router.
Step 6
In the
Connection Password
fields, enter the Telnet user’s user password. The password entered in both
fields must match.
Step 7
In the
Enable Password
fields, enter the Telnet user’s enable password. This is the password used to enter
privileged mode on the router. The password entered in both fields must match.
Step 8
In the
White List
field, enter IP addresses that you want to exempt from the remediation, one per line. You
can also use CIDR notation or a specific IP address. For example, the following white list would be
accepted by the system:
accepted by the system:
10.1.1.152
172.16.1.0/24
Note that this white list is not associated with any compliance white lists you have created. For
information on using CIDR notation in the FireSIGHT System, see
information on using CIDR notation in the FireSIGHT System, see
.
Step 9
Click
Create
.
The instance is created and remediations appear in the Configured Remediations section of the page. You
must add specific remediations for them to be used by correlation policies. See the following sections
for more information:
must add specific remediations for them to be used by correlation policies. See the following sections
for more information:
•