Cisco Cisco Firepower Management Center 4000
27-9
FireSIGHT System User Guide
Chapter 27 Using the FireSIGHT System as a Compliance Tool
Creating Compliance White Lists
Step 9
Click
Save White List
to save your white list.
The white list is saved. You can now add it to an active correlation policy to begin evaluating the target
hosts for compliance, generating white list events when a host violated the white list, and, optionally
triggering responses to white list violations. For more information, see
hosts for compliance, generating white list events when a host violated the white list, and, optionally
triggering responses to white list violations. For more information, see
Surveying Your Network
License:
FireSIGHT
When you begin creating a compliance white list, you can survey either your entire network or a specific
network segment.
network segment.
Surveying your network gathers data from the database about the application protocols, clients, web
applications, and protocols running on the different detected operating systems. Then, the system creates
one host profile within the white list for each detected operating system. By default, these host profiles
allow all of the detected clients, application protocols, web applications, and protocols that the system
has detected on each applicable operating systems.
applications, and protocols running on the different detected operating systems. Then, the system creates
one host profile within the white list for each detected operating system. By default, these host profiles
allow all of the detected clients, application protocols, web applications, and protocols that the system
has detected on each applicable operating systems.
This creates a baseline white list so that you do not have to manually create and configure multiple host
profiles. After you survey your network, you can then edit or delete the host profiles that the survey
created to suit your needs; you can also add any other host profiles you might need.
profiles. After you survey your network, you can then edit or delete the host profiles that the survey
created to suit your needs; you can also add any other host profiles you might need.
Note that you can survey your network at any time during the white list creation process. This can add
additional allowed clients, application protocols, web applications, and protocols to the host profiles that
already exist, and can create additional host profiles if the survey detects hosts running operating
systems that were not detected during the initial survey. If you resurvey your network within a white list
that is used within an active correlation policy, and the survey changes either your targets or host profiles,
the target hosts are re-evaluated when you save the white list. Although this re-evaluation may bring
some hosts into compliance, it does not generate any white list events.
additional allowed clients, application protocols, web applications, and protocols to the host profiles that
already exist, and can create additional host profiles if the survey detects hosts running operating
systems that were not detected during the initial survey. If you resurvey your network within a white list
that is used within an active correlation policy, and the survey changes either your targets or host profiles,
the target hosts are re-evaluated when you save the white list. Although this re-evaluation may bring
some hosts into compliance, it does not generate any white list events.
To begin creating a compliance white list by surveying your network:
Access:
Admin
Step 1
Select
Policies > Correlation
, then click
White List
.
The White List page appears.
Step 2
Click
New White List
.
The Survey Network page appears.
Step 3
Do you want to survey your network?
•
If yes, continue with the next step.
•
If no, click
Skip
.
The Create White List page appears and displays a blank white list. Continue with the procedure in
the next section,
the next section,
Step 4
In the
IP Address
and
Netmask
fields, enter the IP address and network mask (in special notation such as
CIDR) that represent the hosts you want to survey.