Cisco Cisco Firepower Management Center 4000
C H A P T E R
24-1
FireSIGHT System User Guide
24
Using Performance Settings in an Intrusion
Policy
Policy
Cisco provides several features for improving the performance of your system as it analyzes traffic for
attempted intrusions. See the following sections for more information:
attempted intrusions. See the following sections for more information:
•
describes how you can specify the number of packets to
allow in the event queue, and enable or disable inspection of packets that will be rebuilt into larger
streams.
streams.
•
describes how you can balance security
with the need to maintain device latency at an acceptable level with packet latency thresholding.
•
the need to maintain device latency at an acceptable level with rule latency thresholding.
•
describes how you can configure the basic
parameters of how your managed devices monitor and report on their own performance.
•
describes how you can override default match and
recursion limits on PCRE regular expressions.
•
describes how you can configure rule processing event
queue settings.
Event Queue Configuration
License:
Protection
You can specify the number of packets to allow in the event queue, and enable or disable, before and
after stream reassembly, inspection of packets that will be rebuilt into larger streams.
after stream reassembly, inspection of packets that will be rebuilt into larger streams.
To configure event queue settings:
Access:
Admin/Intrusion Admin
Step 1
Select
Policies > Intrusion > Intrusion Policy.
The Intrusion Policy page appears.
Step 2
Click the edit icon (
) next to the policy you want to edit.
If you have unsaved changes in another policy, click
OK
to discard those changes and continue. See
for information on saving unsaved changes in another
policy.