Cisco Cisco Firepower Management Center 4000
20-7
FireSIGHT System User Guide
Chapter 20 Configuring Intrusion Policies
Managing Intrusion Policies
To edit an intrusion policy:
Access:
Admin/Intrusion Admin
Step 1
Select
Policies > Intrusion > Intrusion Policy.
The Intrusion Policy page appears.
Step 2
Click the edit icon (
) next to the policy you want to edit, or the intrusion policy name.
The Policy Information page appears.
Step 3
You can take any of the actions described in
Step 4
Save your policy, continue editing, discard your changes, or exit while leaving your changes in the
system cache. See the
system cache. See the
table for more information.
display a filtered view of the Rules page
showing rules with recommended rule
states and, optionally, can set rule
attributes for specified rules
showing rules with recommended rule
states and, optionally, can set rule
attributes for specified rules
click
View
next to the number of recommendations to
generate events, drop and generate events, or disable rules, or
click
click
View Recommended Changes
to view all
recommendations. These options appear only when you have
generated recommendations. See
generated recommendations. See
for more information.
edit advanced settings
click Advanced Settings in the navigation panel. See
information.
revert advanced settings configuration
to default configuration settings in the
base policy layer
to default configuration settings in the
base policy layer
click
Revert to Defaults
on an advanced settings configuration
page, then click
OK
at the prompt. See
for more information.
manage policy layers
click policy layers in the navigation panel. See
for more information.
save changes to your policy
click
Commit Changes
. You must apply the appropriate access
control policy to put your changes into effect. See
, and
for more information.
discard all unsaved changes
click
Discard Changes
, then click
OK
to discard your changes
and go to the Intrusion Policy page, or click
Cancel
to keep
your changes and return to the Policy Information page.
exit the policy, leaving changes to the
policy in the system cache
policy in the system cache
select any menu or other path to another page. On exiting,
click
click
Leave page
when prompted, or click
Stay on page
to
remain in the advanced editor. See
for information on how the
system caches one policy per user.
Table 20-2
Common Intrusion Policy Editing Actions (continued)
To...
You can...