Cisco Firepower Management Center 4000
FireSIGHT System User Guide
Chapter 24 Using Performance Settings in an Intrusion Policy
Constraining Regular Expressions
To configure PCRE overrides:
Access: Admin/Intrusion Admin
Step 1 Select Policies > Intrusion > Intrusion Policy.
The Intrusion Policy page appears.
Step 2 Click the edit icon next to the policy you want to edit.
If you have unsaved changes in another policy, click OK to discard those changes and continue. See for information on saving unsaved changes in another policy.
The Policy Information page appears.
Step 3 Click Advanced Settings in the navigation panel on the left.
The Advanced Settings page appears.
Step 4 You have two choices, depending on whether Regular Expression Limits under Performance Settings is enabled:
• If the configuration is enabled, click Edit.
• If the configuration is disabled, click Enabled, then click Edit.
The Regular Expression Limits page appears.
A message at the bottom of the page identifies the intrusion policy layer that contains the configuration. See for more information.
Step 5 You can modify any of the options in the
Table 24-5 Regular Expression Constraint Options

Option: Match Limit State
Description: Specifies whether to override Match Limit. You have the following options:
• select Default to use the value configured for Match Limit
• select Unlimited to permit an unlimited number of attempts
• select Custom to specify either a limit of 1 or greater for Match Limit, or to specify 0 to completely disable PCRE match evaluations

Option: Match Limit
Description: Specifies the number of times to attempt to match a pattern defined in a PCRE regular expression.

Option: Match Recursion Limit State
Description: Specifies whether to override Match Recursion Limit. You have the following options:
• select Default to use the value configured for Match Recursion Limit
• select Unlimited to permit an unlimited number of recursions
• select Custom to specify either a limit of 1 or greater for Match Recursion Limit, or to specify 0 to completely disable PCRE recursions
Note that for Match Recursion Limit to be meaningful, it must be smaller than Match Limit.

Option: Match Recursion Limit
Description: Specifies the number of recursions when evaluating a PCRE regular expression against the packet payload.
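The following added example (not part of the Cisco guide, and not PCRE itself) is a toy backtracking matcher that counts the two quantities the options above bound: total match attempts and recursion depth. The pattern, the payload, and the limit values 1500, 3 and 5000 are constructed samples, and the mapping of None, 0 and N to Unlimited, disabled and Custom is an assumption of this model.

```python
# Toy backtracking matcher (literals, '.', 'x*'); an illustration, not PCRE or Cisco code.
# Assumed mapping of the states above: None = Unlimited, 0 = evaluation disabled,
# N >= 1 = Custom limit. recursion_limit is modeled for None or N >= 1 only.

class LimitHit(Exception):
    pass

def evaluate(pattern, payload, match_limit=None, recursion_limit=None):
    """Return (result, calls, max_depth).

    result is True/False for a completed evaluation, "disabled" when
    match_limit is 0, or the name of the limit that stopped the evaluation.
    """
    if match_limit == 0:
        return ("disabled", 0, 0)
    stats = {"calls": 0, "depth": 0}

    def match(p, t, depth):
        stats["calls"] += 1                          # what a match limit counts
        stats["depth"] = max(stats["depth"], depth)  # what a recursion limit counts
        if match_limit is not None and stats["calls"] > match_limit:
            raise LimitHit("match_limit")
        if recursion_limit is not None and depth > recursion_limit:
            raise LimitHit("recursion_limit")
        if p == len(pattern):
            return True
        if p + 1 < len(pattern) and pattern[p + 1] == "*":
            # Greedy star: consume the longest run, then give back one character at a time.
            n = t
            while n < len(payload) and pattern[p] in (".", payload[n]):
                n += 1
            return any(match(p + 2, k, depth + 1) for k in range(n, t - 1, -1))
        if t < len(payload) and pattern[p] in (".", payload[t]):
            return match(p + 1, t + 1, depth + 1)
        return False

    try:
        found = any(match(0, s, 1) for s in range(len(payload) + 1))
    except LimitHit as hit:
        return (str(hit), stats["calls"], stats["depth"])
    return (found, stats["calls"], stats["depth"])

# Constructed sample: stacked quantifiers and a payload that can never match.
PATTERN, PAYLOAD = "a*a*a*b", "a" * 30

if __name__ == "__main__":
    for ml, rl in [(None, None), (1500, None), (1500, 3), (1500, 5000), (0, None)]:
        print(ml, rl, evaluate(PATTERN, PAYLOAD, ml, rl))
```

In this model the recursion depth can never exceed the number of match attempts, so a recursion limit at or above the match limit never fires first, which is the reason the table requires it to be smaller.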