Cisco Cisco FirePOWER Appliance 8250
20-10
FireSIGHT System User Guide
Chapter 20 Configuring Intrusion Policies
Managing Intrusion Policies
• If the Snort version on the Defense Center differs from that on the managed device, you cannot apply an intrusion policy to the device without applying the access control policy. If intrusion policy apply fails for this reason, reapply the entire access control policy instead.
To reapply an intrusion policy:
Access: Admin/Security Approver
Step 1  Select Policies > Intrusion > Intrusion Policy.
The Intrusion Policy page appears.
Step 2  Click the apply icon next to the policy you want to reapply.
The Reapply Intrusion Policy window appears, listing the devices where the policy is currently applied.
Step 3  Specify the devices where you want to reapply the policy.
Tip  Optionally, if a device is listed as Out-of-date, click the comparison icon to view a report that compares the currently applied intrusion policy and the updated intrusion policy. See the table for more information.
Step 4  Click Reapply.
The policy is reapplied. You can monitor the status of the apply using the task queue (System > Monitoring > Task Status). See for more information.
Viewing an Intrusion Policy Report
License: Protection
An intrusion policy report is a record of all enabled intrusion policy features and settings at a specific point in time. The system combines the settings in the base policy with the settings of the policy layers, and makes no distinction between which settings originated in the base policy or policy layer. You use the report for auditing purposes or to inspect the current configuration of an intrusion policy. Remember to commit any potential changes before you generate an intrusion policy report; only committed changes appear in the report.
Tip  You can also generate an intrusion policy comparison report that compares two intrusion policies, or two revisions of the same intrusion policy. For more information, see
Depending on your configuration, an intrusion policy report can contain one or more sections as described in the following table.