Cisco Cisco Firepower Management Center 4000
40-16
FireSIGHT System User Guide
Chapter 40 Creating Traffic Profiles
Viewing Traffic Profiles
To link conditions:
Access:
Admin/Discovery Admin
Step 1
Use the drop-down list to the left of a set of conditions:
•
To require that all conditions on the level that the operator controls are met, select
AND
.
•
To require that only one of the conditions on the level that the operator controls is met, select
OR
.
Using Multiple Values in a Condition
License:
FireSIGHT
When you are building a condition, and the condition syntax allows you to pick a value from a drop-down
list, you can often use multiple values from the list. For example, if you want to add a host profile
qualification to a traffic profile that requires that a host be running some flavor of UNIX, instead of
constructing multiple conditions linked with the OR operator, use the following procedure.
list, you can often use multiple values from the list. For example, if you want to add a host profile
qualification to a traffic profile that requires that a host be running some flavor of UNIX, instead of
constructing multiple conditions linked with the OR operator, use the following procedure.
To include multiple values in one condition:
Access:
Admin/Discovery Admin
Step 1
Build a condition, choosing
is in
or
is not in
as the operator.
The drop-down list changes to a text field.
Step 2
Click anywhere in the text field or on the
Edit
link.
A pop-up window appears.
Step 3
Under
Available
, use Ctrl or Shift while clicking to select multiple values. You can also click and drag to
select multiple adjacent values.
Step 4
Click the right arrow (
>
) to move the selected entries to
Selected
.
Step 5
Click
OK
.
Your selections appear in the value field of your condition on the Create Profile page.
Viewing Traffic Profiles
License:
FireSIGHT
Because traffic profiles are based on connection data, you can view graphs of traffic profiles. The
following graphic shows a traffic profile with a PTW of one week, a sampling rate of five minutes, and
a daily half-hour inactive period from midnight to 12:30 AM.
following graphic shows a traffic profile with a PTW of one week, a sampling rate of five minutes, and
a daily half-hour inactive period from midnight to 12:30 AM.