Cisco Firepower Management Center 4000
FireSIGHT System User Guide
Chapter 32 Understanding and Writing Intrusion Rules
Understanding Keywords and Arguments in Rules
To match a rule with an identified application protocol, you must define the metadata keyword and a key value statement, with service as the key and an application for the value. For example, the following key value statement in a metadata keyword associates the rule with HTTP traffic:

service http
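The following added example (not part of the guide) audits the service key value statements in the metadata keyword of a set of rules, flagging rules that carry no service value or a misspelled one. The sample rules, SIDs, and the function names are constructed for illustration, and KNOWN_SERVICES holds only the values visible on this page.

```python
import re

# Service values that appear on this page; the guide's full table lists more.
KNOWN_SERVICES = {"http", "dcerpc", "dns"}

# Constructed sample rules (not from the guide).
SAMPLE_RULES = [
    'alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"constructed A"; '
    'content:"GET"; metadata:service http; sid:1000001; rev:1;)',
    'alert udp $EXTERNAL_NET any -> $HOME_NET 53 (msg:"constructed B"; '
    'metadata:policy balanced-ips drop, service dns; sid:1000002; rev:1;)',
    'alert tcp any any -> any any (msg:"constructed C; typo in service"; '
    'metadata:service htpp; sid:1000003; rev:1;)',
    'alert tcp any any -> any 135 (msg:"constructed D"; sid:1000004; rev:1;)',
]

# One option: runs of ordinary chars, escaped chars, or whole quoted strings,
# so a ';' inside a quoted msg does not end the option early.
OPTION_RE = re.compile(r'(?:[^;"\\]|\\.|"(?:[^"\\]|\\.)*")+')

def rule_options(rule):
    """Yield (keyword, argument) pairs from the parenthesised option section."""
    body = rule[rule.index("(") + 1 : rule.rindex(")")]
    for raw in OPTION_RE.findall(body):
        keyword, _, argument = raw.strip().partition(":")
        if keyword:
            yield keyword.strip(), argument.strip()

def metadata_services(rule):
    """Return every value given for the 'service' key in metadata keywords."""
    services = []
    for keyword, argument in rule_options(rule):
        if keyword != "metadata":
            continue
        for pair in argument.split(","):  # key value statements are comma-separated
            fields = pair.split()
            if len(fields) >= 2 and fields[0] == "service":
                services.append(fields[1])
    return services

def audit(rule):
    """Classify a rule by its service metadata."""
    services = metadata_services(rule)
    if not services:
        return "no service metadata"
    unknown = [s for s in services if s not in KNOWN_SERVICES]
    return "unrecognised: " + ", ".join(unknown) if unknown else "ok"

if __name__ == "__main__":
    for r in SAMPLE_RULES:
        print(audit(r), "<-", r)
```
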
The following table describes the most common application values.
Note: Contact Support for assistance in defining applications not in the table.
Table 32-21 service Values

Value     Description
dcerpc    Distributed Computing Environment/Remote Procedure Calls System
dns       Domain Name System