Cisco Cisco Firepower Management Center 2000
27-28
FireSIGHT System User Guide
Chapter 27 Using the FireSIGHT System as a Compliance Tool
Working with White List Events
Step 5
Click
Save all Profiles
to save your changes.
The shared host profile is deleted and removed from all compliance white lists that use it.
Resetting Built-In Host Profiles to Their Factory Defaults
License:
FireSIGHT
The default white list uses a special category of shared host profiles, called built-in host profiles. Built-in
host profiles use built-in application protocols, protocols, and clients. You can use any these elements
as-is in both the default white list and in any custom white list that you create, or you can modify them
to suit your needs. For more information, see
host profiles use built-in application protocols, protocols, and clients. You can use any these elements
as-is in both the default white list and in any custom white list that you create, or you can modify them
to suit your needs. For more information, see
If you make changes to the built-in profiles, application protocols, protocols, web applications, or clients
that you need to undo, you can reset to factory defaults. When you reset to factory defaults, the following
things occur:
that you need to undo, you can reset to factory defaults. When you reset to factory defaults, the following
things occur:
•
All built-in host profiles, application protocols, protocols, and clients that you modified are reset to
their factory defaults.
their factory defaults.
•
All built-in host profiles, application protocols, protocols, and clients that you deleted are restored.
•
All white lists (including the default white list) that are used by active correlation policies and that
used any of the reset built-in host profiles, application protocols, protocols, or clients are
re-evaluated. Although this re-evaluation may change the compliance of some hosts into
compliance, it does not generate any white list events.
used any of the reset built-in host profiles, application protocols, protocols, or clients are
re-evaluated. Although this re-evaluation may change the compliance of some hosts into
compliance, it does not generate any white list events.
To reset built-in host profiles, application protocols, protocols, and clients:
Access:
Admin
Step 1
Select
Policies > Correlation
, then click
White List
.
The White List page appears.
Step 2
Click
Edit Shared Profiles
.
The Edit Shared Profiles page appears.
Step 3
Click
Built-in Host Profiles
.
The Built-in Host Profiles page appears.
Step 4
Click
Reset to Factory Defaults
.
Step 5
Confirm that you want to reset to factory defaults by clicking
OK
.
All built-in host profiles, application protocols, protocols, and clients are reset to factory defaults. Any
white list that is used by an active correlation policy and that used any of the reset built-in host profiles,
application protocols, protocols, or clients is re-evaluated.
white list that is used by an active correlation policy and that used any of the reset built-in host profiles,
application protocols, protocols, or clients is re-evaluated.
Working with White List Events
License:
FireSIGHT