Cisco Cisco FirePOWER Appliance 7030
41-10
FireSIGHT System User Guide
Chapter 41 Configuring Remediations
Creating Remediations
•
•
Cisco PIX Block Destination Remediations
License:
FireSIGHT
The Cisco PIX Block Destination remediation allows you to block traffic sent from the destination host
in a correlation event.
in a correlation event.
Note
Do not use this remediation as a response to a correlation rule that is based on a discovery event;
discovery events only transmit a source host and not a destination host. You can use this remediation in
response to correlation rules that are based on connection events or intrusion events.
discovery events only transmit a source host and not a destination host. You can use this remediation in
response to correlation rules that are based on connection events or intrusion events.
To add the remediation:
Access:
Admin/Discovery Admin
Step 1
Select
Policies > Actions > Instances
.
The Instances page appears.
Step 2
Next to the instance where you want to add the remediation, click
View
.
If you have not yet added an instance, see
.
The Edit Instance page appears.
Step 3
In the
Configured Remediations
section, select
Block Destination
and click
Add
.
The Edit Remediation page appears.
Step 4
In the
Remediation Name
field, enter a name for the remediation.
The name you choose cannot contain spaces or special characters and should be descriptive. For
example, if you have multiple Cisco PIX firewall instances and multiple remediations for each instance,
you may want to specify a name such as
example, if you have multiple Cisco PIX firewall instances and multiple remediations for each instance,
you may want to specify a name such as
PIX_01_BlockDest
.
Step 5
Optionally, in the
Description
field, enter a description of the remediation.
Step 6
Click
Create
, then click
Done
.
The remediation is added.
Cisco PIX Block Source Remediations
License:
FireSIGHT
The Cisco PIX Block Source remediation allows you to block any traffic sent from the source host
included in the event that violates a correlation policy. The source host is the source IP address in the
connection event or intrusion event upon which the correlation rule is based, or the host IP address in a
discovery event.
included in the event that violates a correlation policy. The source host is the source IP address in the
connection event or intrusion event upon which the correlation rule is based, or the host IP address in a
discovery event.