Cisco Cisco Firepower Management Center 4000

32-39

FireSIGHT System User Guide

Chapter 32 Understanding and Writing Intrusion Rules

Understanding Keywords and Arguments in Rules

To match a rule with an identified application protocol, you must define the

metadata

keyword and a

key value

statement, with

service

as the

key

and an application for the

value

. For example, the

following

key value

statement in a

metadata

keyword associates the rule with HTTP traffic:

service http

The following table describes the most common application values.

Note

Contact Support for assistance in defining applications not in the table.

Table 32-21

service Values

Value

Description

dcerpc

Distributed Computing Environment/Remote Procedure Calls System

dns

Domain Name System