Cisco Cisco FirePOWER Appliance 8390
![Cisco](https://files.manualsbrain.com/attachments/7380d0050044647c30f5c24bbbf5d0c0b6d9bb84/common/fit/150/50/faa183d287233c52228cfea3dbc2a127fe780f60564fcb0955d9c3d1cd23/brand_logo.png)
39-47
FireSIGHT System User Guide
Chapter 39 Configuring Correlation Policies and Rules
Creating Correlation Policies
Step 1
On the Create Policy page, from the
Priority
list for each rule or white list, select a default priority. You
can select:
•
a priority value from 1 to 5, where 1 is highest and 5 is lowest
•
None
•
Default
to use the policy’s default priority
Step 2
Continue with the procedure in the next section,
Adding Responses to Rules and White Lists
License:
Any
Within a correlation policy, you can map each rule or white list to a single response or to a group of
responses. When any one of the rules or white lists in a policy is violated, the system logs an associated
event to the database and launches the responses assigned to that rule or white list. If multiple rules or
white lists within a policy trigger, the Defense Center launches the responses associated with each rule
or white list.
responses. When any one of the rules or white lists in a policy is violated, the system logs an associated
event to the database and launches the responses assigned to that rule or white list. If multiple rules or
white lists within a policy trigger, the Defense Center launches the responses associated with each rule
or white list.
For more information on creating responses and response groups, see:
•
•
•
Note
Do not assign an Nmap remediation as a response to a correlation rule that triggers on a traffic profile
change. The remediation will not launch.
change. The remediation will not launch.
The following graphic shows a correlation policy composed of a compliance white list and a set of
correlation rules, configured with a variety of responses.
correlation rules, configured with a variety of responses.