Cisco Cisco FirePOWER Appliance 8390
23-7
FireSIGHT System User Guide
Chapter 23 Using Layers in an Intrusion Policy
Understanding Intrusion Policy Layers
recommendation-filtered views of the Rules page in read-only mode. On the Rules page, you can further
filter the read-only recommendations, sort the display by column, and show details of individual rules.
See
filter the read-only recommendations, sort the display by column, and show details of individual rules.
See
for more information on working with rules on
the Rules page.
Adding the FireSIGHT Recommendations layer also adds a Rules sublink beneath the FireSIGHT
Recommendations link in the navigation panel. The Rules sublink provides access to a read-only display
of the Rules page in the FireSIGHT Recommendations layer. Note the following in this view:
Recommendations link in the navigation panel. The Rules sublink provides access to a read-only display
of the Rules page in the FireSIGHT Recommendations layer. Note the following in this view:
•
When there is no rule state icon in the state column, the state is inherited from the base policy.
•
When there is no rule state icon in the FireSIGHT Recommendations column in this or other Rules
page views, there is no recommendation for this rule.
page views, there is no recommendation for this rule.
Note that when a rule in the FireSIGHT Recommendations layer has no recommendation, its rule
overhead rating was higher than the setting for
overhead rating was higher than the setting for
Recommendation Threshold (By Rule Overhead)
when
recommendations were last generated. See
for more
information.
See
for more information.
Using Layers with Advanced Settings
License:
Protection
When you select
Advanced Settings
in the navigation panel, you go to the Advanced Settings page. On this
page you can enable or disable advanced settings in your intrusion policy and access advanced setting
configuration pages. The Advanced Settings page provides a summary of the effective states for all
advanced settings in your intrusion policy. For example, if SSL Configuration is set to Disabled in one
layer, then set to Enabled in a higher layer, the Advanced Settings page shows SSL Configuration as set
to Enabled. Changes made in the Advanced Settings page appear in the top layer of the policy. See
configuration pages. The Advanced Settings page provides a summary of the effective states for all
advanced settings in your intrusion policy. For example, if SSL Configuration is set to Disabled in one
layer, then set to Enabled in a higher layer, the Advanced Settings page shows SSL Configuration as set
to Enabled. Changes made in the Advanced Settings page appear in the top layer of the policy. See
for more information on working with advanced settings on
the Advanced Settings page.
When you expand
Policy Layers
in the navigation panel and then select any user-configurable layer, you
go to the Layer summary page for the layer. On this page you can enable or disable advanced settings
and access advanced setting configuration pages for the layer. You can also modify the layer name and
description and configure whether to share the layer with other intrusion policies. See
and access advanced setting configuration pages for the layer. You can also modify the layer name and
description and configure whether to share the layer with other intrusion policies. See
for more information.
If you want an advanced setting to inherit its state and configuration from the base policy or a lower
layer, set the state to
layer, set the state to
Inherit
. Note that the Inherit state does not appear when you are working in the
Advanced Settings page. You can switch to the Layer summary page for another layer at any time by
selecting the layer name beneath
selecting the layer name beneath
Policy Layers
in the navigation panel.
When you enable an advanced setting, a sublink to the configuration page for the advanced setting
appears beneath the layer name in the navigation panel, and an
appears beneath the layer name in the navigation panel, and an
Edit
link to the configuration page for the
advanced setting appears on the Layer summary page for the advanced setting you enabled. When you
disable an advanced setting within a layer or set it to
disable an advanced setting within a layer or set it to
Inherit
, the advanced setting sublink and
Edit
link
no longer appear.
You can display the configuration page for an advanced setting from the Layer summary page by first
enabling the configuration if it is disabled and then clicking on
enabling the configuration if it is disabled and then clicking on
Edit
. When the advanced setting is
enabled in the layer, you can also display its configuration page by clicking on the sublink named for the
advanced setting in the navigation panel under
advanced setting in the navigation panel under
Policy Layers
.