Cisco FirePOWER Appliance 8250
FireSIGHT System User Guide
Chapter 21 Managing Rules in an Intrusion Policy
Viewing Rules in an Intrusion Policy
You can also use the layer drop-down list to switch to the Rules page for other layers in your policy. Note
that, unless you add layers to your policy, the only editable views listed in the drop-down list are the
policy Rules page and the Rules page for a policy layer that is originally named My Changes; note also
that making changes in either of these views is the same as making the changes in the other. See
for more information. The drop-down list also lists the Rules
page for the read-only base policy. See
for information on
the base policy.
To view the rules in an intrusion policy:
Access: Admin/Intrusion Admin
Step 1 Select Policies > Intrusion > Intrusion Policy.
The Intrusion Policy page appears.
Step 2 Click the edit icon next to the policy you want to edit.
If you have unsaved changes in another policy, click OK to discard those changes and continue. See
for information on saving unsaved changes in another policy.
The Policy Information page appears.
Step 3 Click Manage Rules on the Policy Information page.
The Rules page appears. By default, the page lists the rules alphabetically by message.
Note that selecting Rules above the dividing line in the navigation panel takes you to the same rules
listing. You can view and set all rule attributes in your policy in this view.
Sorting the Rule Display
License: Protection
You can sort rules by any of the columns in the Rules page by clicking on the heading title or icon.
Note that an up or down arrow on a heading or icon indicates that the sort is on that column
in that direction.
To sort rules in an intrusion policy:
Access: Admin/Intrusion Admin
Step 1 Select Policies > Intrusion > Intrusion Policy.
Table 21-2 Rules Page Columns (continued)
Heading    Description    For more information, see...
Dynamic rule state for the rule, which goes into effect if specified rate anomalies occur.
Alerts configured for the rule, including SNMP alerts.
Comments added to the rule.