Cisco FirePOWER Appliance 8390
FireSIGHT System User Guide
Chapter 21 Managing Rules in an Intrusion Policy
Viewing Rules in an Intrusion Policy
The system adds the dynamic rule state and displays a dynamic state icon next to the rule in the Dynamic State column. If you add multiple dynamic rule state filters to a rule, a number over the icon indicates the number of filters.
If any required fields are left blank, you will receive an error message indicating which fields must be filled.
Setting an SNMP Alert for a Rule
License: Protection
You can set an SNMP alert for a rule from the Rule Detail page. For more information on SNMP alerts, see .
To add an SNMP alert from the rule details:
Access: Admin/Intrusion Admin
Step 1 Click Add SNMP Alert next to Alerts.
The system adds the alert and displays an alert icon next to the rule in the Alerting column. If you add multiple alerts to a rule, the system includes an indication over the icon of the number of alerts.
Adding a Rule Comment for a Rule
License: Protection
You can add a rule comment for a rule from the Rule Detail page. For more information on rule comments, see
To add a comment from the rule details:
Access: Admin/Intrusion Admin
Step 1 Click Add next to Comments.
The Add Comment dialog box appears.
Step 2 Type the rule comment.
Step 3 Click OK.
The system adds the comment and displays a comment icon next to the rule in the Comments column. If you add multiple comments to a rule, a number over the icon indicates the number of comments.
Tip
To delete a rule comment, click Delete in the rule comments section. Note that you can only delete a comment if the comment is cached with uncommitted intrusion policy changes. After intrusion policy changes are committed, the rule comment is permanent.