Cisco Firepower Management Center 4000

FireSIGHT System User Guide
 
Chapter 21: Managing Rules in an Intrusion Policy
Viewing Rules in an Intrusion Policy
The Intrusion Policy page appears.

Step 2  Click the edit icon next to the policy you want to edit.
If you have unsaved changes in another policy, click OK to discard those changes and continue. See  for information on saving unsaved changes in another policy.
The Policy Information page appears.

Step 3  Click Manage Rules.
The Rules page appears. By default, the page lists the rules alphabetically by message.

Step 4  Click the title or icon at the top of the column by which you want to sort.
The rules are sorted by the column, in the direction indicated by the arrow that appears on the column heading. To sort in the opposite direction, click the heading again. The sort order and the arrow reverse.

Viewing Rule Details

License: Protection

You can view rule documentation, FireSIGHT recommendations, and rule overhead from the Rule Detail view. You can also view and add rule-specific features.
Note that local rules do not have any overhead, unless they are mapped to a vulnerability.

Table 21-3 Rule Details

| Item | Description | For more information, see... |
|---|---|---|
| Summary | The rule summary. For rule-based events, this row appears when the rule documentation contains summary information. | |
| Rule State | The current rule state for the rule. Also indicates the layer where the rule state is set. | |
| FireSIGHT Recommendation | If FireSIGHT recommendations have been generated, the recommended rule state for the rule. | |
| Rule Overhead | The rule’s potential impact on system performance and the likelihood that the rule might generate false positives. | |
| Thresholds | Thresholds currently set for this rule, as well as the facility to add a threshold for the rule. | |
| Suppressions | Suppression settings currently set for this rule, as well as the facility to add suppressions for the rule. | |
| Dynamic State | Rate-based rule states currently set for this rule, as well as the facility to add dynamic rule states for the rule. | |