Cisco Firepower Management Center 4000
27-11
FireSIGHT System User Guide
Chapter 27 Using the FireSIGHT System as a Compliance Tool
Creating Compliance White Lists
A host that is eligible to be evaluated by a white list is called a target. For a more detailed introduction to white list targets, see
When you are finished creating compliance white list targets, continue with
Note
If you change or delete a host attribute from a host and that modification means that the host is no longer a valid target, the host is no longer evaluated by the white list and is considered neither compliant nor non-compliant.
For information on how to modify and delete targets, see:
•
•
When you create a target for a compliance white list, you specify the criteria a host must meet to be evaluated against the white list. A valid target:
• must be in one of the IP address blocks you specify. You can also exclude blocks of IP addresses.
• must have at least one of the host attributes you specify.
• must belong to one of the VLANs you specify.
Note that if you add a target to a white list that is used by an active correlation policy, after you save the white list, the new target hosts are evaluated for compliance. However, this evaluation does not generate white list events.
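The three target criteria above (included and excluded IP address blocks, host attributes, VLANs), as an added Python model that is not part of the FireSIGHT product or this guide. It assumes that an empty attribute or VLAN set means no restriction, and that an excluded block removes a host even when another block includes it; the "Production" attribute and the 10.1.0.0/16 addresses are constructed sample values.

```python
"""Model of compliance white list target eligibility (added example, not Cisco code)."""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class WhiteListTarget:
    name: str
    # (network, exclude): entries from the Targeted Networks section;
    # exclude=True corresponds to selecting Exclude for that block
    networks: list
    host_attributes: set = field(default_factory=set)  # empty = no attribute restriction (assumption)
    vlans: set = field(default_factory=set)            # empty = no VLAN restriction (assumption)

    def is_valid_target(self, ip, attributes=(), vlan=None):
        """True if the host meets all three criteria and is therefore evaluated by the white list.

        A host for which this returns False is neither compliant nor non-compliant."""
        addr = ipaddress.ip_address(ip)
        included = False
        for net, exclude in self.networks:
            if addr.version == net.version and addr in net:
                if exclude:
                    return False  # an excluded block wins over any including block (assumption)
                included = True
        if not included:
            return False
        if self.host_attributes and not self.host_attributes & set(attributes):
            return False  # must carry at least one of the specified host attributes
        if self.vlans and vlan not in self.vlans:
            return False  # must belong to one of the specified VLANs
        return True


def net(cidr):
    return ipaddress.ip_network(cidr)


# The guide's tip for targeting the entire monitored network: 0.0.0.0/0 and ::/0.
ENTIRE_MONITORED_NETWORK = [(net("0.0.0.0/0"), False), (net("::/0"), False)]

# Constructed sample target: the 10.1.0.0/16 block minus the 10.1.99.0/24 subnet,
# limited to hosts carrying the hypothetical "Production" host attribute.
PROD_TARGET = WhiteListTarget(
    name="Production servers",
    networks=[(net("10.1.0.0/16"), False), (net("10.1.99.0/24"), True)],
    host_attributes={"Production"},
)
```

Removing the "Production" attribute from a host in 10.1.0.0/16 makes `is_valid_target` return False, which is the situation the Note above describes.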
To create a compliance white list target:
Access: Admin
Step 1 On the Create White List page, next to Target Networks, click the add icon.
The settings for the new target appear.
Tip
You can also create a new target by surveying a network segment. On the Create White List page, click Target Network, then follow steps . The new target is created and is named according to the IP addresses you specified. Click the target you just created and continue with the rest of this procedure to rename the target, add or exclude additional networks, and add host attribute or VLAN restrictions.
Step 2 In the Name field, type a name for the new target.
Step 3 Target a specific set of IP addresses by clicking the add icon next to Targeted Networks.
Step 4 In the IP Address and Netmask fields, enter the IP address and network mask (in special notation, such as CIDR) that represent the hosts you want to target or exclude from targeting.
Make sure that you specify a network that you configured the system to monitor in your network discovery policy. For information on using IP address notation in the FireSIGHT System, see
Tip
To target the entire monitored network, use 0.0.0.0/0 and ::/0.
Step 5 If you want to exclude the network from monitoring, select Exclude.