Cisco Firepower Management Center 4000
FireSIGHT System User Guide
Chapter 21 Managing Rules in an Intrusion Policy
Viewing Rules in an Intrusion Policy
License: Protection
You can adjust how rules are displayed in the intrusion policy. Rules can be sorted by several criteria.
You can also display the details for a specific rule to see rule settings, rule documentation, and other rule
specifics.
The Rules page has four primary areas of functionality:
• the filtering features — for more information, see
• the rule attribute menus — for more information, see , , , and
• the rules listing — for more information, see the table.
• the rule details — for more information, see
You can also sort rules by different criteria; for more information, see .
Note that the icons used as column headers correspond to the menus in the menu bar, where you access those configuration items. For example, the Rule State menu is marked with the same icon as the Rule State column.
The following table describes the columns on the Rules page.
Table 21-2 Rules Page Columns

| Heading | Description | For more information, see... |
|---|---|---|
| GID | Integer which indicates the Generator ID (GID) for the rule. | |
| SID | Integer which indicates the Snort ID (SID), which acts as a unique identifier for the rule. | |
| Message | Message included in events generated by this rule, which also acts as the name of the rule. | |
| (Rule State icon) | The rule state for the rule, which may be one of four states: drop and generate events; generate events; disable; inherit (blank). Note that you can access the Set rule state dialog box for a rule by clicking on its rule state icon. | |
| (icon) | FireSIGHT recommended rule state for the rule. | |
| (icon) | Event filter, including event thresholds and event suppression, applied to the rule. | |