Cisco FirePOWER Appliance 8390
FireSIGHT System User Guide
Chapter 28 Detecting Specific Threats
Detecting Sensitive Data
The Advanced Settings page appears.
Step 4 You have two choices, depending on whether Sensitive Data Detection under Specific Threat Detection is enabled:
• If the configuration is enabled, click Edit.
• If the configuration is disabled, click Enabled, then click Edit.
The Sensitive Data Detection page appears. A message at the bottom of the page identifies the intrusion policy layer that contains the configuration. See for more information.
Step 5 You can take any of the actions described in the table.
Step 6 Save your policy, continue editing, discard your changes, revert to the default configuration settings in the base policy, or exit while leaving your changes in the system cache. See the table for more information.
Selecting Application Protocols to Monitor
License: Control
You can specify up to eight application protocols to monitor for each data type. See for more information on the application protocols the system can detect on your network.
At least one detector must be enabled (see application protocol you select. By default, all Cisco-provided detectors are activated. If no detector is enabled for an application protocol, the system automatically enables all Cisco-provided detectors for the application; if none exist, the system enables the most recently modified user-defined detector for the application.
You must specify at least one application protocol or port to monitor for each data type. However, except in the case where you want to detect sensitive data in FTP traffic, Cisco recommends for the most complete coverage that you specify corresponding ports when you specify application protocols. For example, if you specify HTTP, you might also configure the well-known HTTP port 80. If a new host on your network implements HTTP, the system will monitor port 80 during the interval when it is discovering the new HTTP application protocol.
In the case where you want to detect sensitive data in FTP traffic, you must specify the FTP data application protocol and enable the FTP/Telnet preprocessor, and there is no advantage in specifying a port number. See for more information.
To modify application protocols to detect sensitive data:
Access: Admin/Intrusion Admin
Step 1 Select Policies > Intrusion > Intrusion Policy.
The Intrusion Policy page appears.
Step 2 Click the edit icon ( ) next to the policy you want to edit.
If you have unsaved changes in another policy, click OK to discard those changes and continue. See for information on saving unsaved changes in another policy.
The Policy Information page appears.