Cisco Firepower Management Center 4000

FireSIGHT System User Guide
 
Chapter 21: Managing Rules in an Intrusion Policy
Filtering Rules in an Intrusion Policy
Understanding Rule Configuration Filters

License: Protection

You can filter the rules listed in the Rules page by several rule configuration settings. For example, if you want to view the set of rules whose rule state does not match the recommended rule state, you can filter on rule state by selecting Does not match recommendation.

When you select a keyword by clicking on a node in the criteria list, a pop-up window appears, where you supply the argument you want to filter by.

If that keyword is already used in the filter, the argument you supply replaces the existing argument for that keyword.

For example, if you click Drop and Generate Events under Rule Configuration > Recommendation in the filter panel, Recommendation:"Drop and Generate Events" is added to the filter text box. If you then click Generate Events under Rule Configuration > Recommendation, the filter changes to Recommendation:"Generate Events".

See the following procedures for more information on the rule configuration settings you can use to filter.

To use the Rule State filter:

Access: Admin/Intrusion Admin

Step 1  Under Rule Configuration, click Rule State.

Step 2  Select the rule state to filter by:
  • To find rules that only generate events, select Generate Events, and click OK.
  • To find rules that are set to generate events and drop the matching packet, select Drop and Generate Events, and click OK.
  • To find disabled rules, select Disabled, and click OK.
  • To find rules whose rule state does not match the recommended state, select Does not match recommendation, and click OK.
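
The replace-on-same-keyword behavior and the Rule State selections described above can be modeled offline, for example to review an exported rule list for drift from recommendations. This is an added example, not code from the FireSIGHT System or the guide. The rule records are constructed, and the "Rule State" keyword text, the space-separated term syntax, and the AND combination of terms are assumptions; only the Recommendation:"..." form appears in the guide.

```python
import re

# Constructed sample rules for illustration (not exported from a real policy):
# rule ID, current rule state, recommended rule state.
RULES = [
    {"id": "1:1000001", "state": "Generate Events", "recommendation": "Generate Events"},
    {"id": "1:1000002", "state": "Disabled", "recommendation": "Drop and Generate Events"},
    {"id": "1:1000003", "state": "Drop and Generate Events", "recommendation": "Drop and Generate Events"},
    {"id": "1:1000004", "state": "Generate Events", "recommendation": "Disabled"},
]

# One filter term: Keyword:"argument" (keywords may contain spaces; assumed syntax).
TERM = re.compile(r'([A-Za-z ]+?):"([^"]*)"')

def parse_filter(text):
    """Split filter text into an ordered {keyword: argument} mapping."""
    return {k.strip(): v for k, v in TERM.findall(text)}

def click(text, keyword, argument):
    """Model clicking a criteria node: a keyword already used in the
    filter has its argument replaced rather than gaining a second term."""
    terms = parse_filter(text)
    terms[keyword] = argument
    return " ".join(f'{k}:"{v}"' for k, v in terms.items())

def matches(rule, keyword, argument):
    """Evaluate one term against one rule record."""
    if keyword == "Recommendation":
        return rule["recommendation"] == argument
    if keyword == "Rule State":  # assumed keyword name
        if argument == "Does not match recommendation":
            return rule["state"] != rule["recommendation"]
        return rule["state"] == argument
    raise ValueError(f"unsupported keyword: {keyword}")

def apply_filter(text, rules):
    """Return IDs of rules that satisfy every term (AND is an assumption)."""
    terms = parse_filter(text)
    return [r["id"] for r in rules if all(matches(r, k, v) for k, v in terms.items())]
```

Filtering the sample with Rule State:"Does not match recommendation" surfaces the two drifted rules, including one recommended to drop that is currently disabled.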

Table 21-4  Rule Filter Groups (continued)

| Filter Group | Description | Multiple Argument Support? | Heading is... | Items in List are... |
|---|---|---|---|---|
| Priority | Finds rules according to high, medium, and low priorities. The classification assigned to a rule determines its priority. These groups are further grouped into rule categories. Note that local rules (that is, rules that you create) do not appear in the priority groups. | Yes | A keyword | arguments. Note that if you pick one of the items from the sub-list, it adds a modifier to the argument. |
| Rule Update | Finds rules added or modified through a specific rule update. For each rule update, view all rules in the update, only new rules imported in the update, or only existing rules changed by the update. | No | A keyword | arguments |