Cisco Cisco Firepower Management Center 4000
22-10
FireSIGHT System User Guide
Chapter 22 Using Advanced Settings in an Intrusion Policy
Automatically Enabling Advanced Settings
Automatically Enabling Advanced Settings
License:
Protection
The system can enable advanced settings when they are required by a standard text rule, shared object
rule, preprocessor rule, or another advanced setting. When you save an intrusion policy with a disabled
advanced setting that is required by a rule, rule option, or other advanced setting, you are prompted
whether you want the system to automatically enable the required advanced setting. Before you can save
the policy, you must either manually enable the required advanced setting configuration, allow the
system to automatically enable the required advanced setting, or disable any rule or other advanced
setting that requires the advanced setting.
rule, preprocessor rule, or another advanced setting. When you save an intrusion policy with a disabled
advanced setting that is required by a rule, rule option, or other advanced setting, you are prompted
whether you want the system to automatically enable the required advanced setting. Before you can save
the policy, you must either manually enable the required advanced setting configuration, allow the
system to automatically enable the required advanced setting, or disable any rule or other advanced
setting that requires the advanced setting.
Note that the system uses the default configuration for an automatically enabled advanced setting that
you have not configured.
you have not configured.
The following table lists the rules and rule options required by different advanced settings.
133
DCE/RPC Preprocessor
The event was generated by the DCE/RPC preprocessor. See
134
Rule Latency, Packet
Latency
Latency
The event was generated when rule latency suspended (134:1) or re-enabled (134:2) a
group of intrusion rules, or when the system stopped inspecting a packet because the
packet latency threshold was exceeded (134:3). For more information, see
group of intrusion rules, or when the system stopped inspecting a packet because the
packet latency threshold was exceeded (134:3). For more information, see
.
135
Rate-Based Attack
Detector
Detector
The event was generated when a rate-based attack detector identified excessive
connections to hosts on the network. See
connections to hosts on the network. See
for more information.
138, 139
Sensitive Data
Preprocessor
Preprocessor
The event was generated by the sensitive data preprocessor. See
for more information.
140
SIP Preprocessor
The event was generated by the SIP preprocessor. See
for more information.
141
IMAP Preprocessor
The event was generated by the IMAP preprocessor. See
for more information.
142
POP Preprocessor
The event was generated by the POP preprocessor. See
for more information.
143
GTP Preprocessor
The event was generated by the GTP preprocessor. See
for more information.
144
Modbus Preprocessor
The event was generated by the Modbus SCADA preprocessor. See
for more information.
145
DNP3 Preprocessor
The event was generated by the DNP3 SCADA preprocessor. See
for more information.
Table 22-9
Generator IDs (continued)
ID
Component
Description