Cisco Cisco Firepower Management Center 4000
22-11
FireSIGHT System User Guide
Chapter 22 Using Advanced Settings in an Intrusion Policy
Automatically Enabling Advanced Settings
Table 22-10
Automatically Enabled Advanced Settings
Advanced Setting Type
Advanced Setting
Rule and Rule Options Causing Auto-Enable Prompt
Application Layer
Preprocessors
Preprocessors
DCE/RPC Configuration
Keyword:
•
byte_jump (if DCE/RPC option is enabled)
•
byte_test (if DCE/RPC option is enabled)
•
byte_extract (if DCE/RPC option is enabled)
•
dce_iface
•
dce_opnum
•
dce_stub_data
Application Layer
Preprocessors
Preprocessors
HTTP Configuration
Keyword:
•
content (if an HTTP content option is enabled)
•
urilen
•
http_encode
•
pcre (if the P, I, C, K, Y, M, U, S, H, or D option is used
in the rule)
in the rule)
Application Layer
Preprocessors
Preprocessors
SIP Configuration
Keyword:
•
sip_header
•
sip_body
•
sip_method
•
sip_status_code
Application Layer
Preprocessors
Preprocessors
GTP Command Channel
Configuration
Configuration
Keyword:
•
gtp_version
•
gtp_type
•
gtp_info
Application Layer
Preprocessors
Preprocessors
SSL Configuration
Keyword:
•
ssl_state
•
ssl_version
SCADA Preprocessors
Modbus Configuration
Keyword:
•
modbus_data
•
modbus_func
•
modbus_unit
SCADA Preprocessors
DNP3 Configuration
Keyword:
•
dnp3_data
•
dnp3_func
•
dnp3_ind
•
dnp3_obj