Cisco Cisco Firepower Management Center 4000
FireSIGHT System User Guide
Chapter 53 Updating System Software
Importing Rule Updates and Local Rule Files
• Rule updates may also change the default state of existing rules. For information on choosing whether to allow rule updates to change the default states of existing rules in intrusion policies you create, see
• Rule updates are cumulative, so the newest rule update contains the intrusion rules of all previous updates. You cannot import a rule update that either matches or predates the version of the currently installed rules.
• When you use a default policy provided by Cisco as your base policy, you can choose whether to allow rule updates to modify your base policy with any changes to intrusion rules, preprocessor rules, and advanced settings. See for more information.
• Rule updates may include new default variables and modified values for existing default variables. New variables are always added to your system. Your existing variable values are updated only if you have not modified them. See for more information.
• Rule updates may include new rule categories. New rule categories in rule updates are always added to your system. See for more information.
• The Rule Updates page lists intrusion policies with cached changes and the users who made those changes. Importing a rule update discards all cached changes. See for more information.
• When a rule update includes shared object rules, applying an access control policy for the first time after the rule import causes a short pause in traffic flow and processing, and may also cause a few packets to pass uninspected.
• If your FireSIGHT System deployment includes two Defense Centers configured as a high availability pair, you only need to update rules on one of the Defense Centers. The second Defense Center receives the rule update as part of the regular synchronization process.
• Optionally, when the import completes, you can automatically reapply intrusion policies owned by the appliance where you import the rule update.
See the following sections for more information:
• explains how to import a single rule update from the Support Site.
• explains how to use an automated feature on the web interface to download and install rule updates from the Support Site.
• explains how to import a copy of a standard text rules file that you have created on a local machine.
• explains the rule update log.
Using One-Time Rule Updates
License: Any
There are two methods that you can use for one-time rule updates:
• explains how to manually download a rule update from the Support Site to your local machine and then manually install the rule update.
• explains how to use an automated feature on the web interface to search the Support Site for new rule updates and upload them.