Cisco Cisco FirePOWER Appliance 7020
50-15
FireSIGHT System User Guide
Chapter 50 Managing System Policies
Configuring a System Policy
If the number of events in the intrusion event database exceeds the maximum, the oldest events and
packet files are pruned until the database is back within the event limits. See
packet files are pruned until the database is back within the event limits. See
for information about generating automated email
notifications when events are automatically pruned.
For information on manually pruning the discovery and user databases, see
.
In addition, you can configure an email address that will receive notifications when intrusion events and
audit records are pruned from the database.
audit records are pruned from the database.
To configure the maximum number of records in the database:
Access:
Admin
Step 1
Select
System > Local > System Policy
.
The System Policy page appears.
Step 2
You have the following options:
•
To modify the database settings in an existing system policy, click the edit icon (
) next to the
system policy.
•
To configure the database settings as part of a new system policy, click
Create Policy
.
Provide a name and description for the system policy as described in
, and click
Save
.
In either case, the Access Control Preferences page appears.
Step 3
Click
Database
.
connection summaries
(aggregated connection
events)
(aggregated connection
events)
10 million (DC500, DC1000, virtual Defense Center)
50 million (DC750)
100 million (DC1500, DC3000)
500 million (DC3500)
zero (disables storage)
correlation and compliance
white list events
white list events
1 million
one
malware events
10 million
10,000
file events
10 million
zero (disables storage)
health events
1 million
zero (disables storage)
audit records
100,000
one
remediation status events
10 million
one
the white list violation
history of the hosts on your
network
history of the hosts on your
network
a 30-day history of violations
one day’s history
user activity (user events)
10 million
one
user logins (user history)
10 million
one
rule update import log
records
records
1 million
one
Table 50-2
Database Event Limits (continued)
Event Type
Upper Event Limit
Lower Event Limit