Cisco Cisco FirePOWER Appliance 7030
39-44
FireSIGHT System User Guide
Chapter 39 Configuring Correlation Policies and Rules
Creating Correlation Policies
Step 1
Select
Policies > Correlation
, then click
Groups
.
The Groups page appears.
Step 2
Next to the response group you want to activate or deactivate, click the slider.
If the group was activated, it is deactivated. If it was deactivated, it is activated.
Creating Correlation Policies
License:
Any
After you create correlation rules or compliance white lists (or both), and, optionally, alert responses and
remediations, you can use them to build correlation policies.
remediations, you can use them to build correlation policies.
When your network traffic meets the criteria specified in a correlation rule or white list in an active
policy, the Defense Center generates either a correlation event or white list event. It also launches any
responses you assigned to the rule or white list. You can map each rule or white list to a single response
or to a group of responses. If the network traffic triggers multiple rules or white lists, the Defense Center
launches all the responses associated with each rule and white list.
policy, the Defense Center generates either a correlation event or white list event. It also launches any
responses you assigned to the rule or white list. You can map each rule or white list to a single response
or to a group of responses. If the network traffic triggers multiple rules or white lists, the Defense Center
launches all the responses associated with each rule and white list.
For more information on creating the correlation rules, compliance white lists, and responses you can
use to build a correlation policy, see the following sections:
use to build a correlation policy, see the following sections:
•
•
•
•
Tip
Optionally, create a skeleton policy and modify it later to add rules and responses.
To create a correlation policy:
Access:
Admin/Discovery Admin
Step 1
Select
Policies > Correlation
.
The Policy Management page appears.
Step 2
Click
Create Policy
.
The Create Policy page appears.
Step 3
Provide basic policy information, such as the name and description.
See
Step 4
Add one or more rules or white lists to the correlation policy.
See
.
Step 5
Optionally, set rule and white list priorities.
See
Step 6
Optionally, add responses to the rules or white lists you added.