Cisco Firepower Management Center 4000

FireSIGHT System User Guide
 
Chapter 22: Using Advanced Settings in an Intrusion Policy
Automatically Enabling Advanced Settings
When you enable a preprocessor that requires stream preprocessing, you are prompted when you save 
the policy whether to enable stream preprocessing for the appropriate protocol if stream preprocessing 
is disabled. 
You are prompted whether to enable TCP stream preprocessing when it is disabled and you enable the 
following preprocessors:
  • the DCE/RPC preprocessor when the RPC over HTTP proxy, RPC over HTTP server, TCP, or SMB transport protocol is selected
  • the DNS preprocessor
  • the FTP/Telnet preprocessor
  • the HTTP Inspect preprocessor
  • the IMAP preprocessor
  • the POP preprocessor
  • the SMTP preprocessor
  • the SSL preprocessor
  • the Modbus preprocessor
  • the DNP3 preprocessor
  • portscan detection when the TCP protocol is selected
  • rate-based attack prevention
  • sensitive data detection
You are prompted whether to enable UDP stream preprocessing when it is disabled and you enable any 
of the following preprocessors:
  • the DCE/RPC preprocessor with the UDP transport protocol selected
  • the SIP preprocessor
  • the GTP preprocessor

Table 22-10 Automatically Enabled Advanced Settings (continued)

Advanced Setting Type                 | Advanced Setting                | Rule and Rule Options Causing Auto-Enable Prompt
--------------------------------------+---------------------------------+-------------------------------------------------
Transport/Network Layer Preprocessors | TCP or UDP Stream Configuration | Keyword: flow, flowbits, stream_size
Transport/Network Layer Preprocessors | TCP Stream Configuration        | Keyword: stream_reassemble
Specific Threat Detection             | Sensitive Data Detection        | Generator ID: 138, 139
Performance Settings                  | Regular Expression Limits       | Keyword: pcre
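
The rows of Table 22-10 shown on this page can be applied to rule text to see in advance which advanced settings a rule depends on. The following Python code is an added example, not part of the guide or the product: it assumes Snort-style rule text with a parenthesised option body, the function names `rule_options` and `required_settings` are hypothetical, and the sample rules are constructed.

```python
import re

# Table 22-10 rows on this page: rule keyword or generator ID -> advanced setting.
KEYWORD_SETTINGS = {
    "flow": "TCP or UDP Stream Configuration",
    "flowbits": "TCP or UDP Stream Configuration",
    "stream_size": "TCP or UDP Stream Configuration",
    "stream_reassemble": "TCP Stream Configuration",
    "pcre": "Regular Expression Limits",
}
GID_SETTINGS = {"138": "Sensitive Data Detection", "139": "Sensitive Data Detection"}

# One option is "keyword;" or "keyword:value;". Values may hold quoted strings
# with escaped characters, so a ';' or a keyword name inside quotes is not split on.
OPTION_RE = re.compile(r'\s*([A-Za-z_][\w.]*)\s*(?::((?:"(?:\\.|[^"\\])*"|[^;"])*))?;')

def rule_options(rule):
    """Return (keyword, value) pairs from the parenthesised body of a rule."""
    start, end = rule.find("("), rule.rfind(")")
    if start < 0 or end < start:
        raise ValueError("rule has no option body")
    body = rule[start + 1:end]
    return [(m.group(1).lower(), (m.group(2) or "").strip())
            for m in OPTION_RE.finditer(body)]

def required_settings(rule):
    """Advanced settings from Table 22-10 that this rule depends on."""
    needed = set()
    for keyword, value in rule_options(rule):
        if keyword in KEYWORD_SETTINGS:
            needed.add(KEYWORD_SETTINGS[keyword])
        elif keyword == "gid" and value in GID_SETTINGS:
            needed.add(GID_SETTINGS[value])
    return sorted(needed)

# Constructed sample rules (not taken from any rule set).
SAMPLE_RULES = [
    'alert tcp any any -> any 80 (msg:"login; flow:check"; flow:to_server,established; '
    'pcre:"/user=[^&;]{64,}/i"; sid:1000001; rev:1;)',
    'alert tcp any any -> any any (msg:"sensitive data"; gid:138; sid:1000002; rev:1;)',
    'alert udp any any -> any 53 (msg:"flowbits in text only"; content:"pcre"; sid:1000003;)',
]

if __name__ == "__main__":
    for rule in SAMPLE_RULES:
        print(required_settings(rule))
```

The third sample rule mentions `flowbits` and `pcre` only inside quoted strings, so it maps to no advanced setting; only option keywords and the `gid` value are matched.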