Cisco FirePOWER Appliance 7115
Version 5.3
Sourcefire 3D System User Guide
639
Chapter 16: Introduction to Sourcefire Intrusion Prevention
The Benefits of Custom Intrusion Policies
Additionally, within each intrusion policy, you can tune rules in the following ways:
• Improve performance by using fewer rules; disable rules that are not applicable to your environment.
• Verify that all rules applicable to your environment are enabled.
• For inline deployments, specify which rules should drop malicious packets from the packet stream.
TIP! You can use network discovery to identify the operating systems on your network. This allows you to more easily identify which rules are applicable to your environment.
Within the intrusion policy, you can also set suppression levels and thresholds to control how frequently you are notified of intrusion events. You can choose to suppress event notifications and set thresholds for individual rules or entire intrusion policies. For more information, see
Specifying the protocol analysis, data normalization, and traffic inspection performed by the system, and saving this configuration as a whole, allows you to control the kind of information the system provides you so that it best meets your enterprise security needs. It also provides a simple mechanism for changing as much or as little of your policy as needed to continue to detect new attacks and exploits.
You can also tune rules in the following ways:
• Modify existing rules, if necessary, using the rule editor so that the rules correspond to your network infrastructure.
• Write new standard text rules as needed, using the Snort language and the rule editor, to catch new exploits or to enforce your security policies.
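The following is an added example, not code from the user guide or from Cisco/Sourcefire. It illustrates two points made above: what a standard text rule in the Snort language looks like (a constructed rule with a placeholder SID in the local-rule range) and how thresholds and suppression decide which intrusion events are reported. The threshold semantics (limit, threshold, both; tracked by source or destination) are modelled on the Snort manual's event_filter description and are an assumption about how the policy applies them; every rule string, SID, address and timestamp in the event stream is constructed for the demonstration.

```python
"""Added example: parse one Snort 2 text rule and apply Snort-style event
thresholds and suppression to a constructed stream of intrusion events.
Not Cisco/Sourcefire code; threshold semantics follow the Snort manual."""
import re
from dataclasses import dataclass

# Constructed rule. SID 1000001 is a placeholder in the local-rule range.
EXAMPLE_RULE = (
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 80 '
    '(msg:"EXAMPLE-WEB directory traversal in URI"; '
    'flow:to_server,established; content:"../"; http_uri; '
    'classtype:web-application-attack; sid:1000001; rev:1;)'
)

_HEADER = re.compile(
    r'^(?P<action>\w+)\s+(?P<proto>\w+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+'
    r'(?P<dir>->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<opts>.*)\)\s*$'
)
# Options are key[:value]; pairs; a quoted value may itself contain ';'
_OPTION = re.compile(r'(\w+)(?::\s*("[^"]*"|[^;]*))?\s*;')


def parse_rule(text):
    """Return the rule header fields plus an 'options' dict and integer 'sid'."""
    m = _HEADER.match(text.strip())
    if m is None:
        raise ValueError("not a single-line Snort rule")
    rule = {k: m.group(k) for k in ("action", "proto", "src", "sport", "dir", "dst", "dport")}
    rule["options"] = {k: (v.strip('"') if v else True)
                       for k, v in _OPTION.findall(m.group("opts"))}
    rule["sid"] = int(rule["options"]["sid"])
    return rule


@dataclass(frozen=True)
class Threshold:
    kind: str      # 'limit', 'threshold' or 'both'
    track: str     # 'by_src' or 'by_dst'
    count: int
    seconds: int


class EventFilter:
    """Decides which intrusion events are reported after thresholds and suppression."""

    def __init__(self, thresholds, suppressions):
        self.thresholds = thresholds      # {sid: Threshold}
        self.suppressions = suppressions  # {(sid, track, ip)}; track None = whole rule
        self._windows = {}                # (sid, tracked ip) -> (window_start, count)

    def report(self, sid, src, dst, ts):
        """Return True if the event should be reported, False if filtered out."""
        if ((sid, None, None) in self.suppressions
                or (sid, "by_src", src) in self.suppressions
                or (sid, "by_dst", dst) in self.suppressions):
            return False
        th = self.thresholds.get(sid)
        if th is None:
            return True
        key = (sid, src if th.track == "by_src" else dst)
        start, n = self._windows.get(key, (ts, 0))
        if ts - start >= th.seconds:   # interval elapsed: open a new window
            start, n = ts, 0
        n += 1
        self._windows[key] = (start, n)
        if th.kind == "limit":         # report the first `count` events per interval
            return n <= th.count
        if th.kind == "both":          # report once per interval, on the count-th event
            return n == th.count
        if th.kind == "threshold":     # report every count-th event, then restart counting
            if n >= th.count:
                self._windows[key] = (ts, 0)
                return True
            return False
        raise ValueError(f"unknown threshold type {th.kind!r}")


def run_demo():
    """Constructed event stream for four SIDs; returns reported-event counts per SID."""
    rule = parse_rule(EXAMPLE_RULE)
    filt = EventFilter(
        thresholds={
            rule["sid"]: Threshold("limit", "by_src", 1, 60),   # one alert per source per minute
            1000002: Threshold("threshold", "by_src", 3, 60),   # every third event
            1000003: Threshold("both", "by_dst", 3, 60),        # once per minute after 3 events
        },
        suppressions={(1000004, "by_src", "10.0.0.9")},          # constructed noisy host
    )
    events = (
        [(1000001, "198.51.100.7", "10.0.0.5", t) for t in (0, 10, 20, 70)]
        + [(1000002, "198.51.100.7", "10.0.0.5", t) for t in range(7)]
        + [(1000003, "198.51.100.8", "10.0.0.5", t) for t in (0, 1, 2, 3, 61, 62, 63)]
        + [(1000004, "10.0.0.9", "10.0.0.5", 5), (1000004, "10.0.0.10", "10.0.0.5", 6)]
    )
    counts = {}
    for sid, src, dst, ts in events:
        counts[sid] = counts.get(sid, 0) + (1 if filt.report(sid, src, dst, ts) else 0)
    return counts


if __name__ == "__main__":
    print(parse_rule(EXAMPLE_RULE))
    print(run_demo())
```

Running the demo shows the effect of each setting on notification volume: the limit rule reports 2 of 4 events (one per 60-second window), the threshold rule 2 of 7 (the third and sixth), the both rule 2 of 7 (once per window after the third hit), and the suppressed source is dropped while the unsuppressed source is still reported.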
For details on rule keywords, their arguments and syntax, and how to tune your