Cisco FirePOWER Appliance 8130
FireSIGHT System User Guide
Chapter 20 Configuring Intrusion Policies
Managing Intrusion Policies
You must apply the appropriate access control policy to put your changes into effect. See
for more information.
• To open the advanced intrusion policy editor, click Create and Edit Policy for more information.
Editing an Intrusion Policy
License: Protection
You can use the advanced intrusion policy editor to configure any intrusion policy feature. You can
configure most commonly used settings on or directly from the Policy Information page. For information
on more advanced intrusion policy features, see
and
The following table explains the most common actions taken when editing an intrusion policy:
Table 20-2 Common Intrusion Policy Editing Actions

| To... | You can... |
| --- | --- |
| specify a different drop behavior in an inline deployment | select or clear the Drop when Inline check box. See for more information. |
| select a different base policy | click Select Base Policy. See for more information. |
| view the advanced settings that are enabled by default in your base policy | click Manage Base Policy for more information. |
| tailor variables and variable sets for your specific network environment | see |
| display or modify configured rule attributes for the rules in your intrusion policy | click Manage Rules. See for more information. |
| display a filtered view of the intrusion policy Rules page showing rules enabled in your policy by current rule state and, optionally, set rule attributes for specified rules | click View next to the number of rules under Manage Rules that are set to Generate Events or to Drop and Generate Events. See for more information. |
| display the FireSIGHT Recommended Rules configuration page | click FireSIGHT Recommendations in the navigation panel. Alternately, click Click here to set up FireSIGHT recommendations on the Policy Information page if you have not generated recommendations, or Click to change recommendations if you have generated recommendations. for more information. |