Cisco FirePOWER Appliance 7125
FireSIGHT System User Guide
Chapter 32 Understanding and Writing Intrusion Rules
Searching for Rules
To search for specific rules:

Access: Admin/Intrusion Admin

Step 1  Select Policies > Intrusion > Rule Editor.
        The Rule Editor page appears.

Step 2  Click Search on the toolbar.
        The Search page appears.

Step 3  Add search criteria using any of the fields described in the table.

        Note: You must specify at least one search criterion to search for rules.

Step 4  Perform the following steps to search for rules that contain specific keywords:
        • From the drop-down list in the Keyword section, select the keyword for which to search. For a list of each available keyword, see .
        • In the Keyword field, enter the arguments for which you want to search.

Step 5  Click Search.
        The page reloads, showing a list of the rules that match your search criteria.

Step 6  To view or edit a rule (or a copy of the rule, if it is a system rule), click the hyperlinked rule message.
        See for detailed information about editing rules.

Table 32-59 Rule Search Criteria (continued)

| Option | Description |
|---|---|
| Source IP | To search for rules that inspect packets originating from a specified IP address, enter a source IP address or an IP address-related variable. |
| Destination IP | To search for rules that inspect packets destined for a specified IP address, enter a destination IP address or an IP address-related variable. |
| Keyword | To search for specific keywords, you can use the keyword search options. You select a keyword and a keyword value for which to search. You can also precede the keyword value with an exclamation point (!) to match any value other than the specified value. |
| Category | To search for rules in a specific category, select the category from the Category list. |
| Classification | To search for rules that have a specific classification, select the classification name from the Classification list. |
| Rule State | To search for rules within a specific policy and a specific rule state, select the policy from the first Rule State list, and choose a state from the second list to search for rules set to Generate Events, Drop and Generate Events, or Disabled. |