Cisco Firepower Management Center 4000

FireSIGHT System User Guide
 
Chapter 28: Detecting Specific Threats
Detecting Sensitive Data
The Advanced Settings page appears.

Step 4
You have two choices, depending on whether Sensitive Data Detection under Specific Threat Detection is enabled:
  • If the configuration is enabled, click Edit.
  • If the configuration is disabled, click Enabled, then click Edit.
The Sensitive Data Detection page appears. A message at the bottom of the page identifies the intrusion policy layer that contains the configuration. See  for more information.

Step 5
You can take any of the actions described in the  table.

Step 6
Save your policy, continue editing, discard your changes, revert to the default configuration settings in the base policy, or exit while leaving your changes in the system cache. See the  table for more information.

Selecting Application Protocols to Monitor
License: Control

You can specify up to eight application protocols to monitor for each data type. See  for more information on the application protocols the system can detect on your network.

At least one detector must be enabled (see application protocol you select. By default, all Cisco-provided detectors are activated. If no detector is enabled for an application protocol, the system automatically enables all Cisco-provided detectors for the application; if none exist, the system enables the most recently modified user-defined detector for the application.

You must specify at least one application protocol or port to monitor for each data type. However, except in the case where you want to detect sensitive data in FTP traffic, Cisco recommends for the most complete coverage that you specify corresponding ports when you specify application protocols. For example, if you specify HTTP, you might also configure the well-known HTTP port 80. If a new host on your network implements HTTP, the system will monitor port 80 during the interval when it is discovering the new HTTP application protocol.

In the case where you want to detect sensitive data in FTP traffic, you must specify the FTP data application protocol and enable the FTP/Telnet preprocessor, and there is no advantage in specifying a port number. See  for more information.

To modify application protocols to detect sensitive data:
Access: Admin/Intrusion Admin

Step 1
Select Policies > Intrusion > Intrusion Policy.
The Intrusion Policy page appears.

Step 2
Click the edit icon next to the policy you want to edit.
If you have unsaved changes in another policy, click OK to discard those changes and continue. See  for information on saving unsaved changes in another policy.
The Policy Information page appears.