Cisco Cisco FirePOWER Appliance 8250
21-33
FireSIGHT System User Guide
Chapter 21 Managing Rules in an Intrusion Policy
Adding Rule Comments
To set an SNMP alert:
Access:
Admin/Intrusion Admin
Step 1
Select
Policies > Intrusion > Intrusion Policy
.
The Intrusion Policy page appears.
Step 2
Click the edit icon (
) next to the policy you want to edit.
If you have unsaved changes in another policy, click
OK
to discard those changes and continue. See
for information on saving unsaved changes in another
policy.
The Policy Information page appears.
Step 3
Click
Manage Rules
.
The Rules page appears.
Step 4
Locate the rule or rules where you want to set SNMP alerts. You have the following options:
•
To sort the current display, click on a column heading or icon. To reverse the sort, click again.
•
Construct a filter by clicking on keywords or arguments in the filter panel on the left. For more
information, see the following topics:
information, see the following topics:
.
The page refreshes to display all matching rules.
Step 5
Select the rule or rules where you want to set SNMP alerts:
•
To select a specific rule, select the check box next to the rule.
•
To select all the rules in the current list, select the check box at the top of the column.
Step 6
Select
Alerting > Add SNMP Alert
.
The system adds the alert and displays an alert icon (
) next to the rule in the Alerting column. If you
add multiple alert types to a rule, a number over the icon indicates the number of alert types.
Tip
To remove an SNMP alert from a rule, click the check box next to the rule and select
Alerting > Remove
SNMP Alerts
.
Step 7
Save your policy, continue editing, discard your changes, or exit while leaving your changes in the
system cache. See the
system cache. See the
table for more information.
Adding Rule Comments
License:
Protection
You can add comments to a rule. Any comments you add can be seen in the Rule Details view on the
Rules page.
Rules page.
After you commit the intrusion policy changes containing the comment, you can also view the comment
by clicking
by clicking
Rule Comment
on the rule Edit page. For more information on editing rules, see