Cisco Cisco Firepower Management Center 4000

Admin/Discovery Admin

On the Create Policy page, click 

.

The Available Rules pop-up appears.

Click the appropriate folder name to expand it.

Select the rules and white lists that you want to use in the policy and click 

.

The Create Policy page appears again. The rules and white lists you selected populate the policy.

Continue with the procedure in the next section, 

Any

You can assign a user-defined priority to each correlation rule or compliance white list in your 
correlation policy. If a rule or white list triggers, the resulting event displays the priority you assign to 
the rule or white list. On the other hand, if you do not assign a priority value and the rule or white list 
triggers, the resulting event displays the priority value of the policy.

For example, consider a policy where the policy itself has a priority of 1 and its rules or white lists are 
set with the default priority, with the exception of one rule given a priority of 3. If the priority 3 rule 
triggers, the resulting correlation event shows 3 as its priority value. If other rules or white lists in the 
policy trigger, the resulting events show 1 as their priority values, retained from the policy’s priority.

Admin/Discovery Admin