Cisco Firepower Management Center 4000

FireSIGHT System User Guide
 
Chapter 53      Updating System Software 
  Importing Rule Updates and Local Rule Files
Searching the Rule Update Import Log
License: Any

Table 53-5 Rule Update Import Log Detailed View Fields
Field
    Description

Time
    The time and date the import began.

Name
    The name of the imported object, which for rules corresponds to the rule Message field, and for rule update components is the component name.

Type
    The type of imported object, which can be one of the following:
      • rule update component (an imported component such as a rule pack or policy pack)
      • rule (for rules, a new or updated rule; note that in Version 5.0.1 this value replaced the update value, which is deprecated)
      • policy apply (the Reapply intrusion policies after the Rule Update import completes option was enabled for the import)

Action
    An indication that one of the following has occurred for the object type:
      • new (for a rule, this is the first time the rule has been stored on this appliance)
      • changed (for a rule update component or rule, the rule update component has been modified, or the rule has a higher revision number and the same GID and SID)
      • collision (for a rule update component or rule, import was skipped because its revision conflicts with an existing component or rule on the appliance)
      • deleted (for rules, the rule has been deleted from the rule update)
      • enabled (for a rule update edit, a preprocessor, rule, or other feature has been enabled in a default policy provided by Cisco)
      • disabled (for rules, the rule has been disabled in a default policy provided by Cisco)
      • drop (for rules, the rule has been set to Drop and Generate Events in a default policy provided by Cisco)
      • error (for a rule update or local rule file, the import failed)
      • apply (the Reapply intrusion policies after the Rule Update import completes option was enabled for the import)

Default Action
    The default action defined by the rule update. When the imported object type is rule, the default action is Pass, Alert, or Drop. For all other imported object types, there is no default action.

GID
    The generator ID for a rule. For example, 1 (standard text rule) or 3 (shared object rule). See th table for more information.

SID
    The SID for a rule.

Rev
    The revision number for a rule.

Policy
    For imported rules, this field displays All, which indicates that the imported rule was included in all default intrusion policies. For other types of imported objects, this field is blank.

Details
    A string unique to the component or rule. For rules, the GID, SID, and previous revision number for a changed rule, displayed as previously (GID:SID:Rev). This field is blank for a rule that has not changed.

Count
    The count (1) for each record. The Count field appears in a table view when the table is constrained, and the Rule Update Log detailed view is constrained by default to rule update records.