Cisco Cisco Firepower Management Center 4000
A-2
FireSIGHT System User Guide
Appendix A Importing and Exporting Configurations
Exporting Configurations
You can export a single configuration, or you can export a set of configurations (of the same type or of
different types) at once. When you later import the package onto another appliance, you can choose
which configurations in the package to import.
different types) at once. When you later import the package onto another appliance, you can choose
which configurations in the package to import.
When you export a configuration, the appliance also exports revision information for that configuration.
The FireSIGHT System uses that information to determine whether you can import that configuration
onto another appliance; you cannot import a configuration revision that already exists on an appliance.
The FireSIGHT System uses that information to determine whether you can import that configuration
onto another appliance; you cannot import a configuration revision that already exists on an appliance.
In addition, when you export a configuration, the appliance also exports system configurations that the
configuration depends on, such as authentication objects. For example, if you set up authentication to an
LDAP server on your Defense Center, then export a Defense Center system policy with authentication
enabled, the authentication object is exported as well.
configuration depends on, such as authentication objects. For example, if you set up authentication to an
LDAP server on your Defense Center, then export a Defense Center system policy with authentication
enabled, the authentication object is exported as well.
Tip
Many list pages in the FireSIGHT System include an export icon (
) next to list items. Where this
icon is present, you can use it as a quick alternative to the export procedure that follows.
You can export the following configurations:
•
Alert responses — An alert response is a set of configurations that allows the FireSIGHT System to
interact with the external system where you plan to send the alert.
interact with the external system where you plan to send the alert.
•
Custom tables — A custom table is a table you can construct that combines fields from two or more
of the predefined tables delivered with the FireSIGHT System.
of the predefined tables delivered with the FireSIGHT System.
•
Custom user roles — A custom user role is a user role that you create with a specialized set of access
privileges. Exporting a custom user role that requires saved searches also exports all of the necessary
saved searches.
privileges. Exporting a custom user role that requires saved searches also exports all of the necessary
saved searches.
•
Custom workflows — A custom workflow is a workflow that you create to meet the unique needs of
your organization. On the Defense Center, you can export custom workflows that you create as well
as the predefined custom workflows delivered with the appliance.
your organization. On the Defense Center, you can export custom workflows that you create as well
as the predefined custom workflows delivered with the appliance.
Note that if a Defense Center does not allow you to view the table on which an exported custom
workflow is based, you can import the workflow but will not be able to view it.
workflow is based, you can import the workflow but will not be able to view it.
•
Dashboards — A dashboard is a customizable tabbed view that provides you with an at-a-glance
display of your current system status. Dashboards use various widgets to present data about the
events collected and generated by the FireSIGHT System, as well as information about the status
and overall health of the appliances in your deployment.
display of your current system status. Dashboards use various widgets to present data about the
events collected and generated by the FireSIGHT System, as well as information about the status
and overall health of the appliances in your deployment.
Note that the dashboard widgets that you can view depend on the type of appliance you are using
and on your user role. For more information, see
and on your user role. For more information, see
.
•
Access control policies — Access control policies include a variety of components that you can
configure to determine how the system manages traffic on your network. These components include
access control rules as well as any objects the rules use, and may also include referenced intrusion
and file policies. Exporting an access control policy exports all settings and components for the
policy except (where present) URL reputations and categories, which are equivalent across
appliances and which users cannot change.
configure to determine how the system manages traffic on your network. These components include
access control rules as well as any objects the rules use, and may also include referenced intrusion
and file policies. Exporting an access control policy exports all settings and components for the
policy except (where present) URL reputations and categories, which are equivalent across
appliances and which users cannot change.
If an access control policy that you export references an intrusion policy, the rule update version on
the exporting and importing appliances must match.
the exporting and importing appliances must match.
If an access policy that you export contains rules that reference geolocation data, the importing
Defense Center’s geolocation database (GeoDB) update version is used.
Defense Center’s geolocation database (GeoDB) update version is used.
If an access control policy that you export references an unsupported DC500 or Series 2 device
policy feature or rule condition, you cannot use a DC500 to apply the policy and you cannot apply
the policy to a Series 2 device. Neither the DC500 nor Series 2 devices support user or URL rule
policy feature or rule condition, you cannot use a DC500 to apply the policy and you cannot apply
the policy to a Series 2 device. Neither the DC500 nor Series 2 devices support user or URL rule