Cisco FirePOWER Appliance 8250
FireSIGHT System User Guide
Chapter 21 Managing Rules in an Intrusion Policy
Viewing Rules in an Intrusion Policy
The Intrusion Policy page appears.
Step 2
Click the edit icon next to the policy you want to edit.
If you have unsaved changes in another policy, click OK to discard those changes and continue. See for information on saving unsaved changes in another policy.
The Policy Information page appears.
Step 3
Click Manage Rules.
The Rules page appears. By default, the page lists the rules alphabetically by message.
Step 4
Click the title or icon in the top of the column by which you want to sort.
The rules are sorted by the column, in the direction indicated by the arrow that appears on the column heading. To sort in the opposite direction, click the heading again. The sort order and the arrow reverse.
Viewing Rule Details
License: Protection
You can view rule documentation, FireSIGHT recommendations, and rule overhead from the Rule Detail view. You can also view and add rule-specific features.
Note that local rules do not have any overhead, unless they are mapped to a vulnerability.
Table 21-3 Rule Details

| Item | Description | For more information, see... |
| --- | --- | --- |
| Summary | The rule summary. For rule-based events, this row appears when the rule documentation contains summary information. | |
| Rule State | The current rule state for the rule. Also indicates the layer where the rule state is set. | |
| FireSIGHT Recommendation | If FireSIGHT recommendations have been generated, the recommended rule state for the rule. | |
| Rule Overhead | The rule's potential impact on system performance and the likelihood that the rule might generate false positives. | |
| Thresholds | Thresholds currently set for this rule, as well as the facility to add a threshold for the rule. | |
| Suppressions | Suppression settings currently set for this rule, as well as the facility to add suppressions for the rule. | |
| Dynamic State | Rate-based rule states currently set for this rule, as well as the facility to add dynamic rule states for the rule. | |