Cisco Firepower Management Center 4000

FireSIGHT System User Guide
 
Chapter 20      Configuring Intrusion Policies
  Managing Intrusion Policies
To view an intrusion policy report:

Access: Admin/Intrusion Admin

Step 1  Select Policies > Intrusion > Intrusion Policy.
The Intrusion Policy page appears.

Step 2  Click the report icon next to the intrusion policy for which you want to generate a report. Remember to commit any potential changes before you generate an intrusion policy report; only committed changes appear in the report.
The system generates the intrusion policy report. Depending on your browser settings, the report may appear in a pop-up window, or you may be prompted to save the report to your computer.

Table 20-3  Intrusion Policy Report Sections

| Section | Description |
|---|---|
| Title Page | Identifies the name of the intrusion policy report, the date and time the intrusion policy was last modified, and the name of the user who made that modification. Note that the Intrusion Policy Report lists the Last Modified time in UTC, but the Intrusion Policy page lists the modified time in local time. |
| Table of Contents | Describes the contents of the report. Only enabled intrusion policy features appear on the report. For example, if the DNS Configuration feature is not enabled in your intrusion policy, it does not appear in the table of contents or in the report. |
| Policy Information | Provides the name and description of the intrusion policy, whether dropping packets in an inline deployment is enabled or disabled, current rule update version, whether the base policy is locked to the current rule update, the date and time the intrusion policy was last modified, and the name of the user who made that modification. See . |
| FireSIGHT Recommendations | Provides information on any recommended rule states based on the hosts and applications in your network. Optionally, you can set your intrusion policy to Include all differences between recommendations and rule states in policy reports. See |
| Advanced Settings | Lists all advanced feature settings (such as Checksum Verification, DCE/RPC Configuration, and so on) and their configurations (such as enabled, default, stateful, and so on). See . |
| Rules | Provides a list of all enabled rules (such as Backdoor — Dagger, DDOS TFN Probe, and so on) and their actions (such as Generate events, Drop and generate events, and so on). See . |

Comparing Two Intrusion Policies
License: Protection