Cisco Firepower Management Center 4000

FireSIGHT System User Guide
 
Chapter 32      Understanding and Writing Intrusion Rules
  Understanding Keywords and Arguments in Rules
To specify DNP3 function codes:

Access: Admin/Intrusion Admin

Step 1  On the Create Rule page, select dnp3_func in the drop-down list and click Add Option.
        The dnp3_func keyword appears.
Step 2  Specify a single defined decimal value 0 to 255 for the function code, or a single defined string. See the DNP3 Function Codes table for values and strings recognized by the system.

dnp3_ind

You can use the dnp3_ind keyword to match against flags in the Internal Indications field in a DNP3 application layer response header.

You can specify the string for a single known flag or a comma-separated list of flags, as seen in the following example:

class_1_events, class_2_events

When you specify multiple flags, the keyword matches against any flag in the list. To detect a combination of flags, use the dnp3_ind keyword multiple times in a rule.
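
The matching behavior described above (any flag within one dnp3_ind list, every dnp3_ind keyword within a rule), modeled in Python as an added example; it is not code from this guide or from the product. The bit positions follow the DNP3 specification, flag names other than class_1_events and class_2_events are assumptions not listed on this page, and the sample fragments are constructed.

```python
import struct

# Response function codes from the DNP3 Function Codes table on this page.
RESPONSE_FUNCS = {129: "response", 130: "unsolicited_response", 131: "authenticate_resp"}

# Internal Indications bit masks; the first IIN octet is the high byte.
# Assumption: positions per the DNP3 specification. Only class_1_events and
# class_2_events are named on this page.
IIN_FLAGS = {
    "all_stations": 0x0100, "class_1_events": 0x0200, "class_2_events": 0x0400,
    "class_3_events": 0x0800, "need_time": 0x1000, "local_control": 0x2000,
    "device_trouble": 0x4000, "device_restart": 0x8000,
}

def parse_response_header(fragment):
    """Return (function_code, iin) from an application layer response fragment."""
    if len(fragment) < 4:
        raise ValueError("response header needs 4 bytes")
    _ctrl, func, iin = struct.unpack(">BBH", fragment[:4])
    if func not in RESPONSE_FUNCS:
        raise ValueError("requests carry no Internal Indications field")
    return func, iin

def ind_mask(argument):
    """Turn one dnp3_ind argument (comma-separated flag names) into a bit mask."""
    mask = 0
    for name in argument.split(","):
        name = name.strip()
        if name not in IIN_FLAGS:
            raise ValueError(f"unknown flag: {name!r}")
        mask |= IIN_FLAGS[name]
    return mask

def rule_matches(fragment, ind_options):
    """Each option matches on ANY listed flag; the rule needs ALL options to match."""
    try:
        _func, iin = parse_response_header(fragment)
    except ValueError:
        return False
    return all(iin & ind_mask(option) for option in ind_options)

# Constructed samples: application control 0xC0, function code, then IIN (2 bytes).
ONLY_CLASS_1 = bytes([0xC0, 129, 0x02, 0x00])
CLASS_1_AND_2 = bytes([0xC0, 129, 0x06, 0x00])
READ_REQUEST = bytes([0xC0, 1, 0x3C, 0x02])
```

A single list such as `["class_1_events, class_2_events"]` matches ONLY_CLASS_1, while two separate options `["class_1_events", "class_2_events"]` match only CLASS_1_AND_2.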

Table 32-43  DNP3 Function Codes (continued)

Value  String
17     start_appl
18     stop_appl
19     save_config
20     enable_unsolicited
21     disable_unsolicited
22     assign_class
23     delay_measure
24     record_current_time
25     open_file
26     close_file
27     delete_file
28     get_file_info
29     authenticate_file
30     abort_file
31     activate_config
32     authenticate_req
33     authenticate_err
129    response
130    unsolicited_response
131    authenticate_resp