Cisco Cisco Firepower Management Center 4000
28-31
FireSIGHT System User Guide
Chapter 28 Detecting Specific Threats
Detecting Sensitive Data
You can modify the system-wide name and detection pattern for custom sensitive data rules. Note that
changing these settings changes them in all other policies on the system. Note also that you must reapply
any applied access control policies that include intrusion policies that use custom data types that you
modify.
changing these settings changes them in all other policies on the system. Note also that you must reapply
any applied access control policies that include intrusion policies that use custom data types that you
modify.
Except for custom data type names and data patterns, all data type options are policy-specific for both
custom and predefined data types. See
custom and predefined data types. See
for
information on modifying options other than the name and data pattern in your custom data types.
To edit custom data type names and data patterns:
Access:
Admin/Intrusion Admin
Step 1
Select
Policies> Intrusion > Intrusion Policy.
The Intrusion Policy page appears.
Step 2
Click the edit icon (
) next to the policy you want to edit.
If you have unsaved changes in another policy, click
OK
to discard those changes and continue. See
for information on saving unsaved changes in another
policy.
The Policy Information page appears.
Step 3
Click
Advanced Settings
in the navigation panel on the left.
The Advanced Settings page appears.
Step 4
You have two choices, depending on whether
Sensitive Data Detection
under Specific Threat Detection is
enabled:
•
If the configuration is enabled, click
Edit
.
•
If the configuration is disabled, click
Enabled
, then click
Edit
.
The Sensitive Data Detection page appears.
A message at the bottom of the page identifies the intrusion policy layer that contains the configuration.
See
See
for more information.
Step 5
In the
Targets
page area, click the name of the custom data type you want to modify.
The page updates to show the current settings for the data type, and the
Edit Data Type Name and Pattern
link appears in the upper right of the Configuration page area.
Step 6
Click the
Edit Data Type Name and Pattern
link.
The Edit Data Type pop-up window appears.
Step 7
Modify the data type name, pattern, or both and click
OK
, or click
Cancel
to abandon your edits. See
for information on specifying the data pattern.
The Sensitive Data Detection page appears. If you clicked
OK
, the page displays your changes.