Cisco Firepower Management Center 4000

FireSIGHT System User Guide
 
Chapter 53      Updating System Software
  Importing Rule Updates and Local Rule Files
The rule update is installed at the scheduled time and the rules are updated. You can log off or use the
web interface to perform other tasks before or during the import. When accessed during an import, the
Rule Update Log displays a red status icon. See
more information. During an import, you can also view messages as they occur in the Rule Update Log
detailed view. See
information.

Note: Depending on rule update size and content, several minutes may pass before status messages
appear in the Rule Update Log or Rule Update Log detailed view.

If you selected "Reapply intrusion policies after the Rule Update import completes" in step
the system applies only the intrusion policies in the currently applied access control policy but does
not apply the access control policy. See
 for more information.

If you did not select "Reapply intrusion policies after the Rule Update import completes", changes in the
rule update are not implemented until the next time you apply the affected intrusion policies. See
 for more information.

Applicable subtasks in the rule update import occur in the following order: download, install, base policy
update, and policy reapply. When one subtask completes, the next subtask begins. Note that you can only
apply policies previously applied by the appliance where the recurring import is configured.

Note: Contact Support if you receive an error message while installing the rule update.

Importing Local Rule Files

License: Any

Note the following regarding importing local rules:
  • The text file name can include alphanumeric characters, spaces, and no special characters other than
    underscore (_), period (.), and dash (-).
  • You do not have to specify a Generator ID (GID); if you do, you can specify only GID 1 for a
    standard text rule or 138 for a sensitive data rule.
  • Do not specify a Snort ID (SID) or revision number when importing a rule for the first time; this
    avoids collisions with SIDs of other rules, including deleted rules.
    The system will automatically assign the rule the next available custom rule SID of 1000000 or
    greater, and a revision number of 1.
  • You must include the SID assigned by the system and a revision number greater than the current
    revision number when importing an updated version of a local rule that you have previously
    imported.
    To view the revision number for a current local rule, display the Rule Editor page (Policies >
    Intrusion > Rule Editor), click on the local rule category to expand the folder, then click Edit
    next to the rule.
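
The constraints in the list above can be checked before a local rule file is uploaded. The following Python check is an added example, not code from this guide or from Cisco; `current_revs` is a hypothetical mapping that you fill in by hand from the Rule Editor page, and the sample rules are constructed.

```python
import re

# Constraints taken from the list above.
FILENAME_OK = re.compile(r"[A-Za-z0-9 _.\-]+")  # alphanumerics, space, _ . -
ALLOWED_GIDS = {1, 138}    # 1 = standard text rule, 138 = sensitive data rule
MIN_LOCAL_SID = 1000000    # lowest SID the system assigns to a custom rule
QUOTED = re.compile(r'"(?:\\.|[^"\\])*"')  # quoted option values (msg, content)


def _option(rule, name):
    """Integer value of a 'name:<digits>;' option outside quoted strings, or None."""
    body = QUOTED.sub('""', rule)  # ignore option-like text inside msg/content
    m = re.search(r"[(;]\s*%s\s*:\s*(\d+)\s*;" % name, body)
    return int(m.group(1)) if m else None


def check_filename(filename):
    return FILENAME_OK.fullmatch(filename) is not None


def check_rule(rule, current_revs):
    """Return a list of problems for one rule line.

    current_revs (assumed input): {system-assigned SID: current revision},
    read from the Rule Editor page for previously imported local rules.
    """
    problems = []
    gid, sid, rev = (_option(rule, n) for n in ("gid", "sid", "rev"))
    if gid is not None and gid not in ALLOWED_GIDS:
        problems.append("gid %d not allowed; use 1 or 138" % gid)
    if sid is None and rev is None:
        return problems  # first import: the system assigns the SID and rev 1
    if sid is None or rev is None:
        problems.append("give both sid and rev (update) or neither (first import)")
    elif sid < MIN_LOCAL_SID or sid not in current_revs:
        problems.append("sid %d was not assigned by the system" % sid)
    elif rev <= current_revs[sid]:
        problems.append("rev %d is not greater than current rev %d"
                        % (rev, current_revs[sid]))
    return problems


# Constructed sample rules, not from the guide.
NEW_RULE = 'alert tcp any any -> any 80 (msg:"sample"; content:"sid:5; rev:9;";)'
UPDATED_RULE = 'alert tcp any any -> any 80 (msg:"sample"; gid:1; sid:1000001; rev:2;)'

if __name__ == "__main__":
    print(check_filename("local rules-v1.2.txt"), check_rule(NEW_RULE, {}))
    print(check_rule(UPDATED_RULE, {1000001: 2}))
```

The quoted-string stripping keeps a `content` value that happens to contain `sid:` or `rev:` text from being mistaken for a real rule option.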