Cisco Cisco Firepower Management Center 4000

Admin/Intrusion Admin

Select 

The Intrusion Policy page appears.

Click the edit icon (

) next to the policy you want to edit, or the intrusion policy name.

The Policy Information page appears.

You can take any of the actions described in 

Save your policy, continue editing, discard your changes, or exit while leaving your changes in the 
system cache. See the 

 table for more information.

display a filtered view of the Rules page 
showing rules with recommended rule 
states and, optionally, can set rule 
attributes for specified rules

click 

 next to the number of recommendations to 

generate events, drop and generate events, or disable rules, or 
click 

 to view all 

recommendations. These options appear only when you have 
generated recommendations. See 

 for more information.

edit advanced settings

click Advanced Settings in the navigation panel. See 

information.

revert advanced settings configuration 
to default configuration settings in the 
base policy layer

click 

 on an advanced settings configuration 

page, then click 

 at the prompt. See 

 for more information.

manage policy layers

click policy layers in the navigation panel. See 

 for more information.

save changes to your policy

click 

. You must apply the appropriate access 

control policy to put your changes into effect. See 

, and 

for more information.

discard all unsaved changes

click 

, then click 

 to discard your changes 

and go to the Intrusion Policy page, or click 

 to keep 

your changes and return to the Policy Information page.

exit the policy, leaving changes to the 
policy in the system cache

select any menu or other path to another page. On exiting, 
click 

when prompted, or click 

to 

remain in the advanced editor. See 

 for information on how the 

system caches one policy per user.