Cisco FirePOWER Appliance 8130
FireSIGHT System User Guide
Chapter 28 Detecting Specific Threats
Detecting Sensitive Data
Deploying Sensitive Data Detection
License: Protection
Because sensitive data detection can have a high impact on the performance of your FireSIGHT System,
Cisco recommends that you adhere to the following guidelines when creating your intrusion policy and
applying it as part of an access control policy:
• Select the No Rules Active default policy as your base policy; see for more information.
• Ensure that the IP Defragmentation, FTP and Telnet Configuration, and TCP Stream Configuration advanced settings are enabled in your intrusion policy; see for more information.
• Apply the access control policy that includes the intrusion policy containing your sensitive data configuration to a separate device reserved for sensitive data detection; see for more information.
Selecting Global Sensitive Data Detection Options
License: Protection
Global sensitive data preprocessor options control how the preprocessor functions. You can modify
global options that specify the following:
• whether the preprocessor replaces all but the last four digits of credit card or Social Security numbers in triggering packets
• which destination hosts on your network to monitor for sensitive data
• how many total occurrences of all data types in a single session result in an event
Note that global sensitive data options are policy-specific and apply to all data types within an intrusion
policy. That is, you can configure different global sensitive data settings in different intrusion policies,
but not for different data types within the same intrusion policy.
The following table describes the global sensitive data detection options you can configure.
Table 28-7 Global Sensitive Data Detection Options

Option: Mask
Description: Replaces with Xs all but the last four digits of credit card numbers and Social Security numbers in the triggering packet. The masked numbers appear in the intrusion event packet view in the web interface and in downloaded packets. See for more information.
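The following Python model is an added illustration, not Cisco's code and not part of the original guide. It shows how the Mask option and the global total-occurrence threshold described above interact within one session. The regular expressions, function names, the default threshold value and the choice to keep separators when masking are assumptions, and the sample numbers are constructed test values.

```python
import re

# Assumed patterns for illustration only; the preprocessor's own matching
# rules are not shown on this page.
CARD_RE = re.compile(r"\b\d{4}([ -]?)\d{4}\1\d{4}\1\d{4}\b")
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")


def mask_keep_last_four(match):
    """Replace every digit except the last four with 'X' (separators kept)."""
    text = match.group(0)
    keep_from = sum(ch.isdigit() for ch in text) - 4
    out, seen = [], 0
    for ch in text:
        if ch.isdigit():
            seen += 1
            out.append(ch if seen > keep_from else "X")
        else:
            out.append(ch)
    return "".join(out)


def inspect_session(payloads, global_threshold=2, mask=True):
    """Model one session.

    Counts occurrences of all data types together (the threshold is global,
    not per data type), optionally masks them, and reports whether the total
    reaches the threshold. Returns (displayed_payloads, total, event).
    """
    replace = mask_keep_last_four if mask else (lambda m: m.group(0))
    total, displayed = 0, []
    for payload in payloads:
        for pattern in (CARD_RE, SSN_RE):
            payload, hits = pattern.subn(replace, payload)
            total += hits
        displayed.append(payload)
    return displayed, total, total >= global_threshold


# Constructed sample session: two packets, one match of each data type.
SAMPLE_SESSION = [
    "card=4111 1111 1111 1111&name=test",
    "ssn: 078-05-1120",
]

if __name__ == "__main__":
    for line in inspect_session(SAMPLE_SESSION)[0]:
        print(line)
```

Because the threshold counts all data types together, one card number plus one Social Security number in the same session reaches a threshold of 2 even though neither type alone does.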