Cisco Firepower Management Center 4000

FireSIGHT System User Guide
 
Chapter 21      Managing Rules in an Intrusion Policy 
  Filtering Rules in an Intrusion Policy
Note: The Cisco VRT may use the rule update mechanism to add and remove rule filters.
Note that the rules on the Rules page may be either shared object rules (generator ID 3) or standard text 
rules (generator ID 1). The following table describes the different rule filters.
Table 21-4 Rule Filter Groups

| Filter Group | Description | Multiple Argument Support? | Heading is... | Items in List are... |
|---|---|---|---|---|
| Rule Configuration | Finds rules according to the configuration of the rule. See . | No | A grouping | keywords |
| Rule Content | Finds rules according to the content of the rule. See | No | A grouping | keywords |
| Category | Finds rules according to the rule categories used by the rule editor. Note that local rules appear in the local sub-group. See . | Yes | A keyword | arguments |
| Classifications | Finds rules according to the attack classification that appears in the packet display of an event generated by the rule. See | No | A keyword | arguments |
| Microsoft Vulnerabilities | Finds rules according to Microsoft bulletin number. | Yes | A keyword | arguments |
| Microsoft Worms | Finds rules based on specific worms that affect Microsoft Windows hosts. | Yes | A keyword | arguments |
| Platform Specific | Finds rules according to their relevance to specific versions of operating systems. Note that a rule may affect more than one operating system or more than one version of an operating system. For example, enabling SID 2260 affects multiple versions of Mac OS X, IBM AIX, and other operating systems. | Yes | A keyword | arguments. Note that if you pick one of the items from the sub-list, it adds a modifier to the argument. |
| Preprocessors | Finds rules for individual preprocessors. Note that you must enable preprocessor rules associated with a preprocessor option to generate events for the option when the preprocessor is enabled. See for more information. | Yes | A grouping | sub-groupings |