Cisco Firepower Management Center 4000
FireSIGHT System User Guide
Chapter 32 Understanding and Writing Intrusion Rules
Understanding Keywords and Arguments in Rules
To specify a classification in the rule editor, select a classification from the Classification list. See for more information on the rule editor.
Adding Custom Classifications
License: Protection
If you want more customized content for the packet display description of the events generated by a rule you define, create a custom classification.
To add classifications to the Classification list:
Access: Admin/Intrusion Admin
Step 1 Select Policies > Intrusion > Rule Editor.
The Rule Editor page appears.
Step 2 Click Create Rule.
The Create Rule page appears.
Step 3 Under the Classification drop-down list, click Edit Classifications.
A pop-up window appears.
Step 4 Type the name of the classification in the Classification Name field.
You can use up to 255 alphanumeric characters, but the page is difficult to read if you use more than 40 characters. The following characters are not supported: <>()\'"&$; and the space character.
Step 5 Type a description of the classification in the Classification Description field.
You can use up to 255 alphanumeric characters and spaces. The following characters are not supported: <>()\'"&$;
Step 6 Select a priority from the Priority list.
You can select high, medium, or low.
Step 7 Click Add.
The new classification is added to the list and becomes available for use in the rule editor.
Step 8 Click Done.
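The limits in Steps 4 through 6 can be checked before you open the pop-up window, for example when you plan several classifications at once. The following Python is an added example, not part of the Cisco guide or product; the function and constant names are hypothetical, and flagging a name that matches an existing classification as a warning is an assumption, because the guide does not say how duplicates are handled.

```python
# Added example: pre-flight check for a custom classification, using only the
# limits stated in Steps 4-6. Function and constant names are hypothetical.
UNSUPPORTED = set("<>()\\'\"&$;")          # characters the guide lists as unsupported
PRIORITIES = {"high", "medium", "low"}     # choices offered in the Priority list
MAX_LEN = 255                              # limit for both name and description
READABLE_NAME_LEN = 40                     # the page is hard to read past this length
# Names from the visible part of Table 32-5 (a subset, not the full list).
EXISTING_NAMES = {"inappropriate-content", "policy-violation", "default-login-attempt",
                  "sdf", "malware-cnc", "client-side-exploit", "file-format"}


def _bad_chars(text, extra=""):
    """Return the sorted unsupported characters found in text."""
    return sorted({c for c in text if c in UNSUPPORTED or c in extra})


def check_classification(name, description, priority, existing=EXISTING_NAMES):
    """Return (errors, warnings) for a proposed classification."""
    errors, warnings = [], []
    if len(name) > MAX_LEN:
        errors.append(f"name: {len(name)} characters, limit is {MAX_LEN}")
    elif len(name) > READABLE_NAME_LEN:
        warnings.append(f"name: longer than {READABLE_NAME_LEN} characters, hard to read")
    bad = _bad_chars(name, extra=" ")      # the name also rejects the space character
    if bad:
        errors.append(f"name: unsupported characters {bad}")
    if name in existing:
        # Assumption: the guide does not say how duplicate names are handled.
        warnings.append(f"name: '{name}' matches an existing classification")
    if len(description) > MAX_LEN:
        errors.append(f"description: {len(description)} characters, limit is {MAX_LEN}")
    bad = _bad_chars(description)          # spaces are allowed in the description
    if bad:
        errors.append(f"description: unsupported characters {bad}")
    if priority not in PRIORITIES:
        errors.append(f"priority: '{priority}' is not high, medium, or low")
    return errors, warnings


if __name__ == "__main__":
    # Constructed sample entries, not taken from the guide.
    for entry in [("corp-dlp-hit", "Outbound transfer matched DLP rule", "high"),
                  ("bad name;", "Uses <script> in text", "urgent")]:
        print(entry[0], check_classification(*entry))
```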
Table 32-5 Rule Classifications (continued)

Number  Classification Name    Description
32      inappropriate-content  Inappropriate Content was Detected
33      policy-violation       Potential Corporate Privacy Violation
34      default-login-attempt  Attempt to Login By a Default Username and Password
35      sdf                    Sensitive Data
36      malware-cnc            Known malware command and control traffic
37      client-side-exploit    Known client side exploit attempt
38      file-format            Known malicious file or file based exploit