Cisco Firepower Management Center 4000

FireSIGHT System User Guide
 
Chapter 21 Managing Rules in an Intrusion Policy
Viewing Rules in an Intrusion Policy
License: Protection
You can adjust how rules are displayed in the intrusion policy. Rules can be sorted by several criteria. 
You can also display the details for a specific rule to see rule settings, rule documentation, and other rule 
specifics. 
The Rules page has four primary areas of functionality: 
  • the filtering features — for more information, see 
  • the rule attribute menus — for more information, see , and 
  • the rules listing — for more information, see the table.
  • the rule details — for more information, see 
You can also sort rules by different criteria; for more information, see 
.
Note that the icons used as column headers correspond to the menus in the menu bar, where you access 
those configuration items. For example, the Rule State menu is marked with the same icon as the 
Rule State column. 
The following table describes the columns on the Rules page. 
Table 21-2 Rules Page Columns

Heading | Description | For more information, see...
--------|-------------|-----------------------------
GID | Integer which indicates the Generator ID (GID) for the rule. |
SID | Integer which indicates the Snort ID (SID), which acts as a unique identifier for the rule. |
Message | Message included in events generated by this rule, which also acts as the name of the rule. |
(icon) | The rule state for the rule, which may be one of four states: drop and generate events; generate events; disable; inherit (blank). Note that you can access the Set rule state dialog box for a rule by clicking on its rule state icon. |
(icon) | FireSIGHT recommended rule state for the rule. |
(icon) | Event filter, including event thresholds and event suppression, applied to the rule. |