Cisco Cisco Firepower Management Center 4000

Admin/Intrusion Admin

Select 

.

The Rule Editor page appears.

Click 

 on the toolbar.

The Search page appears.

Add search criteria using any of the fields described in the 

 table.

You must specify at least one search criterion to search for rules.

Perform the following steps to search for rules that contain specific keywords:

From the drop-down list in the 

 section, select the keyword for which to search. 

For a list of each available keyword, see 

. 

In the 

 field, enter the arguments for which you want to search.

Click 

.

The page reloads, showing a list of the rules that match your search criteria.

To view or edit a rule (or a copy of the rule, if it is a system rule), click the hyperlinked rule message. 
See 

 for detailed information about editing rules.

Source IP

To search for rules that inspect packets originating from a specified IP address, 
enter a source IP address or an IP address-related variable. 

Destination IP

To search for rules that inspect packets destined for a specified IP address, enter a 
destination IP address or an IP address-related variable.

Keyword

To search for specific keywords, you can use the keyword search options. You 
select a keyword and a keyword value for which to search. You can also precede 
the keyword value with an exclamation point (

!

) to match any value other than the 

specified value.

Category

To search for rules in a specific category, select the category from the 

 list. 

Classification

To search for rules that have a specific classification, select the classification name 
from the 

 list.

Rule State

To search for rules within a specific policy and a specific rule state, select the 
policy from the first 

 list, and choose a state from the second list to search 

for rules set to 

, 

, or 

.