Cisco Cisco FirePOWER Appliance 8390
27-19
FireSIGHT System User Guide
Chapter 27 Using the FireSIGHT System as a Compliance Tool
Creating Compliance White Lists
Shared host profiles are also tied to specific operating systems, but you can use them across white lists.
That is, if you create multiple white lists but want to use the same host profile to evaluate hosts running
a particular operating system across the white lists, use a shared host profile.
That is, if you create multiple white lists but want to use the same host profile to evaluate hosts running
a particular operating system across the white lists, use a shared host profile.
You can add any of the built-in shared host profiles to your compliance white lists, or you can add shared
host profiles that you created. For more information, see
host profiles that you created. For more information, see
and
To add a shared host profile to a compliance white list:
Access:
Admin
Step 1
On the Create White List page, click
Add Shared Host Profile
.
The Add Shared Host Profile page appears.
Step 2
From the
Name
drop-down list, select the shared host profile you want to add to your white list, and click
OK
.
The shared host profile is added to your white list and the Create White List page appears again. The
shared host profile’s name appears in italics under Allowed Host Profiles.
shared host profile’s name appears in italics under Allowed Host Profiles.
Tip
You can edit a shared host profile from within a white list that uses it by clicking on the profile name
under Allowed Host Profiles. For more information, see
under Allowed Host Profiles. For more information, see
Modifying Existing Host Profiles
License:
FireSIGHT
After you modify a host profile within a compliance white list, you must save the white list for your
changes to take effect.
changes to take effect.
If a host profile you modify belongs to a white list used in an active correlation policy, modifying the
profile may bring hosts into or out of compliance but does not generate white list events. Further,
modifying a shared host profile affects every white list that uses it. This may bring hosts into or out of
compliance not only in the white list you are working with, but in other white lists as well.
profile may bring hosts into or out of compliance but does not generate white list events. Further,
modifying a shared host profile affects every white list that uses it. This may bring hosts into or out of
compliance not only in the white list you are working with, but in other white lists as well.
Tip
As with other shared host profiles, you can edit the built-in host profiles used by the default white list.
You can also reset them to their factory defaults. For more information, see
You can also reset them to their factory defaults. For more information, see
To modify an existing host profile:
Access:
Admin
Step 1
On the Create White List page, click the name of the host profile you want to modify.
The settings for the host profile appear. Note that if you are editing a shared host profile, an
Edit
link
appears next to the name of the host profile. If you are editing a built-in host profile, the built-in host
profile icon (
profile icon (
) also appears.
Step 2
You have two options: