Cisco Firepower Management Center 4000
FireSIGHT System User Guide
Chapter 21 Managing Rules in an Intrusion Policy
Viewing Rules in an Intrusion Policy
To view rule details:
Access: Admin/Intrusion Admin
Step 1 Select Policies > Intrusion > Intrusion Policy.
The Intrusion Policy page appears.
Step 2 Click the edit icon next to the policy you want to edit.
If you have unsaved changes in another policy, click OK to discard those changes and continue. See for information on saving unsaved changes in another policy.
The Policy Information page appears.
Step 3 Click Manage Rules.
The Rules page appears. By default, the page lists the rules alphabetically by message.
Step 4 Highlight the rule whose rule details you want to view.
Step 5 Click Show details.
The Rule Detail view appears. To hide the details again, click Hide details.
Tip: You can also open Rule Detail by double-clicking a rule in the Rules view.
Setting a Threshold for a Rule
License: Protection
You can set a single threshold for a rule from the Rule Detail page. Adding a threshold overwrites any existing threshold for the rule. For more information on thresholding, see .
Note that a revert icon appears in a field when you type an invalid value; click it to revert to the last valid value for that field or to clear the field if there was no previous value.
To set a threshold from the rule details:
Access: Admin/Intrusion Admin
Table 21-3 Rule Details (continued)

| Item | Description | For more information, see... |
|---|---|---|
| Alerts | Alerts currently set for this rule, as well as the facility to add an alert for the rule. | |
| Comments | Comments added to this rule, as well as the facility to add comments for the rule. | |
| Documentation | The rule documentation for the current rule, supplied by the Cisco Vulnerability Research Team (VRT). | |