Cisco Cisco FirePOWER Appliance 7115

Version 5.3

Sourcefire 3D System User Guide

1685

Configuring Remediations

Creating Remediations

Chapter 39

3. In the Configured Remediations section, select Block Destination and click Add.

The Edit Remediation page appears.

4. In the Remediation Name field, enter a name for the remediation.

The name you choose cannot contain spaces or special characters and should 

be descriptive. For example, if you have multiple Cisco IOS router instances 

and multiple remediations for each instance, you may want to specify a name 

such as 

IOS_01_BlockDest

.

5. Optionally, in the Description field, enter a description of the remediation.
6. Click Create, then click Done.

The remediation is added.

Cisco IOS Block Destination Network Remediations

: FireSIGHT

The Cisco IOS Block Destination Network remediation allows you to block any 

traffic sent from the router to the network of the destination host in a correlation 

event.

Do not use this remediation as a response to a correlation rule that 

is based on a discovery event; discovery events only transmit a source host and 

not a destination host. You can use this remediation in response to correlation 

rules that are based on connection events or intrusion events.

To add the remediation:

: Admin/Discovery Admin

1. Select Policies > Actions > Instances.

The Instances page appears.

2. Next to the instance where you want to add the remediation, click View.

If you have not yet added an instance, see 

page 1681.
The Edit Instance page appears.