Cisco FirePOWER Appliance 8130
FireSIGHT System User Guide
Chapter 41 Configuring Remediations
Creating Remediations
Step 4
Begin assigning Cisco PIX remediations to specific correlation policy rules.
Adding a Cisco PIX Instance
License: FireSIGHT
After you configure SSH or Telnet on the Cisco PIX firewall, you can add an instance to the Defense
Center. If you have multiple firewalls you want to send remediations to, you must create a separate
instance for each firewall.
Note
Cisco recommends that you use an SSH connection instead of a Telnet connection. Data transmitted
using SSH is encrypted, making it much more secure than Telnet.
To add a Cisco PIX instance:
Access: Admin/Discovery Admin
Step 1
Select Policies > Actions > Instances.
The Instances page appears.
Step 2
From the Add a New Instance list, select Cisco PIX Shun and click Add.
The Edit Instance page appears.
Step 3
In the Instance Name field, type a name for the instance.
The name you choose cannot contain spaces or special characters and should be descriptive. For
example, if you intend to connect more than one Cisco firewall, you will have multiple instances, so you
may want to choose a name such as PIX_01, PIX_02, and so on.
Step 4
Optionally, type a description for the instance in the Description field.
Step 5
In the PIX IP field, enter the IP address of the Cisco PIX firewall you want to use for the remediation.
Step 6
If you require a specific username other than the default (pix), type it in the Username field.
Step 7
In the Connection Password fields, enter the password required to connect to the firewall using SSH or
Telnet. The password entered in both fields must match.
Step 8
In the Enable Password fields, enter the SSH or Telnet enable password. This is the password used to enter
privileged mode on the firewall. The password entered in both fields must match.
Step 9
In the White List field, enter IP addresses that you want to exempt from the remediation, one on each line.
You can also use CIDR notation or a specific IP address. For example, the following white list is accepted
by the system:
10.1.1.152
172.16.1.0/24
Note that this white list is not associated with any compliance white lists you have created. For
information on using CIDR notation in the FireSIGHT System, see .
Step 10
From the Protocol list, select the method you want to use to connect to the firewall.
Step 11
Click Create.
The instance is created and remediations appear in the Configured Remediations section of the page. You
must add specific remediations for them to be used in correlation policies. See the following sections for
more information:
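A pre-check for the Step 3 instance name and the Step 9 white list, added here as an example and not taken from the Cisco guide: it parses a white list one entry per line, reports entries that do not parse, and lists hosts you expect to be exempt that no entry covers. The name pattern (letters, digits, underscore), the strict CIDR handling, and the sample addresses beyond the guide's two entries are assumptions of this example, not documented FireSIGHT behaviour.

```python
import ipaddress
import re

# Assumption: the guide only says "no spaces or special characters"; this
# checker accepts letters, digits and underscores, matching PIX_01 / PIX_02.
NAME_RE = re.compile(r"[A-Za-z0-9_]+")

def valid_instance_name(name):
    return NAME_RE.fullmatch(name) is not None

def parse_white_list(text):
    """Parse one entry per line; return (networks, rejected_lines)."""
    networks, rejected = [], []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        entry = raw.strip()
        if not entry:
            continue
        try:
            # Assumption: strict=True rejects CIDR blocks with host bits set
            # (e.g. 172.16.2.5/24) so a typo gets reviewed, not silently widened.
            networks.append(ipaddress.ip_network(entry, strict=True))
        except ValueError as exc:
            rejected.append((lineno, entry, str(exc)))
    return networks, rejected

def uncovered(critical_hosts, networks):
    """Return the critical hosts that no white list entry exempts."""
    missing = []
    for host in critical_hosts:
        addr = ipaddress.ip_address(host)
        if not any(addr in net for net in networks):
            missing.append(host)
    return missing

# Constructed sample: the guide's two entries plus two deliberate mistakes.
SAMPLE = """10.1.1.152
172.16.1.0/24
172.16.2.5/24
10.1.1.300
"""
# Constructed list of hosts that must never be shunned (hypothetical addresses).
CRITICAL = ["10.1.1.152", "172.16.1.40", "192.168.10.5"]

if __name__ == "__main__":
    nets, bad = parse_white_list(SAMPLE)
    for lineno, entry, why in bad:
        print(f"line {lineno}: rejected {entry!r}: {why}")
    print("not exempt:", uncovered(CRITICAL, nets))
    print("PIX_01 ok:", valid_instance_name("PIX_01"))
```

Run it against the list you intend to paste into the White List field, and resolve every rejected line and every "not exempt" host before assigning the remediation to a correlation rule.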