Cisco Firepower Management Center 4000
32-89
FireSIGHT System User Guide
Chapter 32 Understanding and Writing Intrusion Rules
Understanding Keywords and Arguments in Rules
Note the following when using the flowbits keyword:
• When using the setx operator, the specified state can only belong to the specified group, and not to any other group.
Table 32-56 flowbits Options (continued)

Operator  State Option           Group      Description
--------  ---------------------  ---------  -----------
setx      state_name             mandatory  Sets the specified state in the specified group for a packet, and unsets all other states in the group.
setx      state_name&state_name  mandatory  Sets the specified states in the specified group for a packet, and unsets all other states in the group.
unset     state_name             no group   Unsets the specified state for a packet.
unset     state_name&state_name  no group   Unsets the specified states for a packet.
unset     all                    mandatory  Unsets all the states in the specified group.
toggle    state_name             no group   Unsets the specified state if it is set, and sets the specified state if it is unset.
toggle    state_name&state_name  no group   Unsets the specified states if they are set, and sets the specified states if they are unset.
toggle    all                    mandatory  Unsets all states set in the specified group, and sets all states unset in the specified group.
isset     state_name             no group   Determines if the specified state is set in the packet.
isset     state_name&state_name  no group   Determines if the specified states are set in the packet.
isset     state_name|state_name  no group   Determines if any of the specified states are set in the packet.
isset     any                    mandatory  Determines if any state is set in the specified group.
isset     all                    mandatory  Determines if all states are set in the specified group.
isnotset  state_name             no group   Determines if the specified state is not set in the packet.
isnotset  state_name&state_name  no group   Determines if the specified states are not set in the packet.
isnotset  state_name|state_name  no group   Determines if any of the specified states is not set in the packet.
isnotset  any                    mandatory  Determines if any state is not set in the packet.
isnotset  all                    mandatory  Determines if all states are not set in the packet.
reset     (no state)             optional   Unsets all states for all packets. Unsets all states in a group if a group is specified.
noalert   (no state)             no group   Use this in conjunction with any other operator to suppress event generation.
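The operator semantics in the table above and the setx group restriction from the note, modeled for a single flow. This is an added example, not code from the guide or from the detection engine. The state names ftp.user and ftp.pass and the group ftp_login are hypothetical, and noalert is left out because it affects event generation rather than state.

```python
class FlowBits:
    """Toy per-flow model of the operators in Table 32-56 (not the engine's code)."""
    def __init__(self):
        self.on = set()      # states currently set on this flow
        self.groups = {}     # group name -> states that belong to it

    def _select(self, states, group):  # -> (names, mode); mode is "any" or "all"
        if states in ("any", "all"):
            return set(self.groups.get(group, ())), states
        if "|" in states:
            return set(states.split("|")), "any"
        return set(states.split("&")), "all"

    def setx(self, states, group):
        names = set(states.split("&"))
        for other, members in self.groups.items():
            if other != group and names & members:   # note above: one group only
                raise ValueError(f"{sorted(names & members)} already in group {other}")
        self.groups.setdefault(group, set()).update(names)
        self.on = (self.on - self.groups[group]) | names   # exclusive within the group

    def unset(self, states, group=None):
        self.on -= self._select(states, group)[0]
    def toggle(self, states, group=None):
        self.on ^= self._select(states, group)[0]   # set ones clear, unset ones set
    def reset(self, group=None):
        self.on -= set(self.on) if group is None else self.groups.get(group, set())

    def _check(self, states, group, want):
        names, mode = self._select(states, group)
        hits = [(n in self.on) == want for n in names]
        return any(hits) if mode == "any" else bool(hits) and all(hits)

    def isset(self, states, group=None):
        return self._check(states, group, True)
    def isnotset(self, states, group=None):
        return self._check(states, group, False)

def walk_through():
    """Constructed scenario: stages of an FTP login tracked in one group."""
    fb = FlowBits()
    fb.setx("ftp.user", "ftp_login")
    fb.setx("ftp.pass", "ftp_login")      # ftp.user is unset by the second setx
    stage = (fb.isset("ftp.user"), fb.isset("ftp.pass"), fb.isset("all", "ftp_login"))
    fb.toggle("all", "ftp_login")         # inverts the group: ftp.user set, ftp.pass unset
    flipped = (fb.isset("ftp.user"), fb.isnotset("ftp.pass"))
    fb.reset("ftp_login")
    return stage, flipped, fb.isnotset("all", "ftp_login")
```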