Cisco Cisco Firepower Management Center 4000

21-9

FireSIGHT System User Guide

Chapter 21 Managing Rules in an Intrusion Policy

Viewing Rules in an Intrusion Policy

The system adds the dynamic rule state and displays a dynamic state icon (

) next to the rule in the

Dynamic State column. If you add multiple dynamic rule state filters to a rule, a number over the icon
indicates the number of filters.

If any required fields are left blank, you will receive an error message indicating which fields must be
filled.

Setting an SNMP Alert for a Rule

License:

Protection

You can set an SNMP alert for a rule from the Rule Detail page. For more information on SNMP alerts,
see

Adding Alerts, page 21-32

To add an SNMP alert from the rule details:

Access:

Admin/Intrusion Admin

Step 1

Click

Add SNMP Alert

next to Alerts.

The system adds the alert and displays an alert icon (

) next to the rule in the Alerting column. If you

add multiple alerts to a rule, the system includes an indication over the icon of the number of alerts.

Adding a Rule Comment for a Rule

License:

Protection

You can add a rule comment for a rule from the Rule Detail page. For more information on rule
comments, see

Adding Rule Comments, page 21-33

To add a comment from the rule details:

Access:

Admin/Intrusion Admin

Step 1

Click

Add

next to Comments.

The Add Comment dialog box appears.

Step 2

Type the rule comment.

Step 3

Click

The system adds the comment and displays a comment icon (

) next to the rule in the Comments

column. If you add multiple comments to a rule, a number over the icon indicates the number of
comments.

Tip

To delete a rule comment, click

Delete

in the rule comments section. Note that you can only delete a

comment if the comment is cached with uncommitted intrusion policy changes. After intrusion policy
changes are committed, the rule comment is permanent.