Cisco Cisco Firepower Management Center 4000

Page of 1844
 
27-12
FireSIGHT System User Guide
 
Chapter 27      Using the FireSIGHT System as a Compliance Tool 
  Creating Compliance White Lists
Step 6
To add additional networks, repeat steps 
 an
Step 7
Target hosts that have a specific host attribute by clicking 
Add 
next to 
Targeted Host Attributes
.
Step 8
From the 
Attribute
 and 
Value
 drop-down lists, specify the host attribute.
Step 9
To add additional host attributes, repeat steps 
A host must have at least one of the host attributes you specify to be evaluated against the white list.
Step 10
Target hosts that belong to a specific VLAN by clicking 
Add 
next to 
Targeted VLANs
.
Step 11
In the 
VLAN ID
 field, specify the VLAN IDs of the hosts you want to evaluate against the white list. This 
can be any integer between 0 and 4095 for 802.1q VLANs.
Step 12
To add additional VLAN IDs, repeat steps 
 and 
The host must be a member of one of the VLANs you specify to be evaluated against the white list.
Tip
To remove a network, host attribute restriction, or VLAN restriction, click the delete icon (
) next to 
the element you want to delete.
Modifying Existing Targets
License: 
FireSIGHT
After you modify a target, you must save the white list for your changes to take effect. Note that if you 
modify a target in a white list that is used by an active correlation policy, after you save the white list, 
any new target hosts are evaluated for compliance. However, this evaluation does not generate white list 
events. In addition, the system changes the white list host attribute of previously valid targets to 
Not 
Evaluated
.
To modify an existing target:
Access: 
Admin 
Step 1
On the Create White List page, under 
Targets
, click the target you want to modify.
The settings for the target appear.
Step 2
Make changes as needed.
You can rename the target, add or exclude additional networks, and add host attribute or VLAN 
restrictions. For more information, see 
Deleting Existing Targets
License: 
FireSIGHT
After you delete a target, you must save the white list for your changes to take effect. Note that if you 
delete a target from a white list that is used by an active correlation policy, the system changes the white 
list host attribute of previously valid targets to 
Not Evaluated
.