Cisco Cisco Firepower Management Center 4000

You must apply the appropriate access control policy to put your changes into effect. See 

 for more information.

To open the advanced intrusion policy editor, click 

 for more information.

Protection

You can use the advanced intrusion policy editor to configure any intrusion policy feature. You can 
configure most commonly used settings on or directly from the Policy Information page. For information 
on more advanced intrusion policy features, see 

 and 

The following table explains the most common actions taken when editing an intrusion policy:

specify a different drop behavior in an 
inline deployment

select or clear the

 check box. See 

 for 

more information.

select a different base policy

click Select Base Policy. See 

 for more information.

view the advanced settings that are 
enabled by default in your base policy

click 

 for more information.

tailor variables and variable sets for 
your specific network environment

see 

display or modify configured rule 
attributes for the rules in your intrusion 
policy

click 

. See 

 for more information.

display a filtered view of the intrusion 
policy Rules page showing rules 
enabled in your policy by current rule 
state and, optionally, set rule attributes 
for specified rules

click 

 next to the number of rules under 

 that 

are set to Generate Events or to Drop and Generate Events. 
See 

 for 

more information.

display the FireSIGHT Recommended 
Rules configuration page

click FireSIGHT Recommendations in the navigation panel. 
Alternately, click 

 on the Policy Information page if you have 

not generated recommendations, or 

 if you have generated recommendations. 

 for more information.