Cisco Firepower Management Center 4000

FireSIGHT System User Guide
 
Chapter 28  Detecting Specific Threats
Detecting Sensitive Data

Deploying Sensitive Data Detection
License: Protection
Because sensitive data detection can have a high impact on the performance of your FireSIGHT System, 
Cisco recommends that you adhere to the following guidelines when creating your intrusion policy and 
applying it as part of an access control policy:
  • Select the No Rules Active default policy as your base policy; see for more information.
  • Ensure that the IP Defragmentation, FTP and Telnet Configuration, and TCP Stream Configuration 
    advanced settings are enabled in your intrusion policy; see for more information.
  • Apply the access control policy that includes the intrusion policy containing your sensitive data 
    configuration to a separate device reserved for sensitive data detection; see for more information.

Selecting Global Sensitive Data Detection Options
License: Protection
Global sensitive data preprocessor options control how the preprocessor functions. You can modify 
global options that specify the following:
  • whether the preprocessor replaces all but the last four digits of credit card numbers and Social 
    Security numbers in triggering packets
  • which destination hosts on your network to monitor for sensitive data
  • how many total occurrences of all data types in a single session result in an event
Note that global sensitive data options are policy-specific and apply to all data types within an intrusion 
policy. That is, you can configure different global sensitive data settings in different intrusion policies, 
but not for different data types within the same intrusion policy.
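
The following Python sketch is an added illustration, not Cisco's implementation and not code from this guide. It models two of the global options described above: masking all but the last four digits, and a single per-session threshold counted across all data types. The regular expressions, the Luhn check, the function names and the sample payloads are assumptions constructed for the example.

```python
import re

# Assumed patterns for this illustration (the guide does not define them):
# 16-digit card numbers, optionally grouped by space or hyphen, and NNN-NN-NNNN SSNs.
CARD_RE = re.compile(rb"\b\d{4}([ -]?)\d{4}\1\d{4}\1\d{4}\b")
SSN_RE = re.compile(rb"\b\d{3}-\d{2}-\d{4}\b")

def luhn_ok(raw: bytes) -> bool:
    """Luhn checksum over the digits in raw; rejects random 16-digit strings."""
    digits = [b - 48 for b in raw if 48 <= b <= 57]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask_keep_last4(raw: bytes) -> bytes:
    """Replace every digit except the last four with X, keeping separators."""
    out = bytearray(raw)
    positions = [i for i, b in enumerate(raw) if 48 <= b <= 57]
    for i in positions[:-4]:
        out[i] = ord("X")
    return bytes(out)

def inspect_session(packets, threshold, mask=True):
    """Return (event, total, packets) for one session.

    total counts matches of all data types together; event is True when total
    reaches threshold (assumed comparison). Simplification: when the session
    generates an event, every packet that contained a match is masked.
    """
    total, masked = 0, []
    for payload in packets:
        hits = [m for m in CARD_RE.finditer(payload) if luhn_ok(m.group(0))]
        hits.extend(SSN_RE.finditer(payload))
        total += len(hits)
        buf = bytearray(payload)
        for m in hits:                      # same-length replacement, offsets stay valid
            buf[m.start():m.end()] = mask_keep_last4(m.group(0))
        masked.append(bytes(buf))
    event = total >= threshold
    return event, total, (masked if event and mask else list(packets))

# Constructed sample session: one valid test card, one Luhn-invalid number, one SSN.
SESSION = [b"POST /pay card=4111 1111 1111 1111&ref=1234567812345678",
           b"ssn=123-45-6789"]
```

Because the threshold is global, one card number and one Social Security number together reach a threshold of 2 even though neither data type alone would.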
The following table describes the global sensitive data detection options you can configure.
Table 28-7  Global Sensitive Data Detection Options

Option  Description
Mask    Replaces with Xs all but the last four digits of credit card numbers and Social Security numbers in the triggering packet. The masked numbers appear in the intrusion event packet view in the web interface and in downloaded packets. See for more information.