Cisco Cisco Firepower Management Center 4000

22-2

FireSIGHT System User Guide

Chapter 22 Using Advanced Settings in an Intrusion Policy

Modifying Advanced Settings

An advanced setting must be enabled for you to configure it. Your configuration is retained if you
configure an advanced setting and then disable it. When you enable an advanced setting, a sublink to the
configuration page for the advanced setting appears beneath the

Advanced Settings

link in the navigation

panel, and an

Edit

link to the configuration page appears next to the advanced setting on the Advanced

Settings page. When you disable an advanced setting, the advanced setting sublink and

Edit

link no longer

appear.

Tip

You cannot disable the Performance Statistics Configuration advanced setting. This ensures that Support
can troubleshoot your system.

Modifying the configuration of an advanced setting requires an understanding of the configuration you
are modifying and its potential impact on your network. The following sections provide links to specific
configuration details for each advanced setting.

Application Layer Preprocessors

Application-layer protocol decoders normalize specific types of packet data into formats that the rules
engine can analyze. See the following table for more information.

SCADA Preprocessors

The Modbus and DNP3 preprocessors detect traffic anomalies and provide data to the rules engine for
inspection.

Table 22-1

Application Layer Preprocessor Settings

For information on...

See...

DCE/RPC Configuration

Configuring the DCE/RPC Preprocessor, page 25-11

DNS Configuration

Configuring the DNS Preprocessor, page 25-17

FTP and Telnet Configuration

Decoding FTP and Telnet Traffic, page 25-18