Cisco Firepower Management Center 4000

FireSIGHT System User Guide
 
Chapter 41  Configuring Remediations
Creating Remediations
Step 1  Select Policies > Actions > Instances.
        The Instances page appears.
Step 2  Next to the instance where you want to add the remediation, click View.
        If you have not yet added an instance, see .
        The Edit Instance page appears.
Step 3  In the Configured Remediations section, select Block Source and click Add.
        The Edit Remediation page appears.
Step 4  In the Remediation Name field, enter a name for the remediation.
        The name you choose cannot contain spaces or special characters and should be descriptive. For example, if you have multiple Cisco IOS router instances and multiple remediations for each instance, you may want to specify a name such as IOS_01_BlockSrc.
Step 5  Optionally, in the Description field, enter a description of the remediation.
Step 6  Click Create, then click Done.
        The remediation is added.

Cisco IOS Block Source Network Remediations
License: FireSIGHT

The Cisco IOS Block Source Network remediation allows you to block any traffic sent from the router to the network of the source host in a correlation event. The source host is the source IP address in the connection event or intrusion event upon which the correlation rule is based, or the host IP address in a discovery event.

To add the remediation:
Access: Admin/Discovery Admin
Step 1  Select Policies > Actions > Instances.
        The Instances page appears.
Step 2  Next to the instance where you want to add the remediation, click View.
        If you have not yet added an instance, see .
        The Edit Instance page appears.
Step 3  In the Configured Remediations section, select Block Source Network and click Add.
        The Edit Remediation page appears.
Step 4  In the Remediation Name field, enter a name for the remediation.
        The name you choose should contain no spaces or special characters and should be descriptive. For example, if you have multiple Cisco IOS router instances and multiple remediations for each instance, you may want to specify a name such as IOS_01_BlockSourceNet.
Step 5  Optionally, in the Description field, enter a description of the remediation.
Step 6  In the Netmask field, enter the subnet mask or CIDR notation that describes the network that you want to block traffic to.
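
Added example (not from the Cisco guide): a Python check to run before entering the Netmask value, showing which network a given mask produces for a source host and which other known hosts fall inside it. It assumes the blocked network is derived by applying the mask to the source IP (IPv4 only); the function names, the allowed-character rule for names and the sample addresses are constructed for illustration.

```python
import ipaddress
import re

# Assumption: "no spaces or special characters" is read as letters, digits
# and underscores, matching the guide's sample name IOS_01_BlockSourceNet.
NAME_RE = re.compile(r"[A-Za-z0-9_]+")


def valid_remediation_name(name):
    """Return True if the name has no spaces or special characters."""
    return NAME_RE.fullmatch(name) is not None


def parse_netmask(value):
    """Accept '255.255.255.0', '/24' or '24' and return the prefix length."""
    text = value.strip().lstrip("/")
    if text.isdigit():
        prefix = int(text)
        if not 0 <= prefix <= 32:
            raise ValueError(f"prefix length out of range: {value!r}")
        return prefix
    # ip_network raises ValueError for non-contiguous masks such as 255.0.255.0
    return ipaddress.ip_network(f"0.0.0.0/{text}").prefixlen


def blocked_network(source_ip, netmask):
    """Network that would be blocked for this source host and Netmask value."""
    prefix = parse_netmask(netmask)
    return ipaddress.ip_network(f"{source_ip}/{prefix}", strict=False)


def collateral_hosts(source_ip, netmask, known_hosts):
    """Known hosts, other than the source, inside the blocked network."""
    net = blocked_network(source_ip, netmask)
    src = ipaddress.ip_address(source_ip)
    return [h for h in known_hosts
            if ipaddress.ip_address(h) in net and ipaddress.ip_address(h) != src]


if __name__ == "__main__":
    # Constructed sample data: one source host and a small host inventory.
    inventory = ["192.0.2.10", "192.0.2.200", "198.51.100.7"]
    for mask in ("255.255.255.128", "/24"):
        net = blocked_network("192.0.2.77", mask)
        print(mask, "->", net, f"({net.num_addresses} addresses);",
              "also blocked:", collateral_hosts("192.0.2.77", mask, inventory))
```

A shorter prefix blocks more addresses, so reviewing the collateral list for each candidate mask shows how much legitimate traffic the remediation would cut off when a correlation rule fires.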