Cisco Cisco Firepower Management Center 4000
27-12
FireSIGHT System User Guide
Chapter 27 Using the FireSIGHT System as a Compliance Tool
Creating Compliance White Lists
Step 6
To add additional networks, repeat steps
and
Step 7
Target hosts that have a specific host attribute by clicking
Add
next to
Targeted Host Attributes
.
Step 8
From the
Attribute
and
Value
drop-down lists, specify the host attribute.
Step 9
To add additional host attributes, repeat steps
A host must have at least one of the host attributes you specify to be evaluated against the white list.
Step 10
Target hosts that belong to a specific VLAN by clicking
Add
next to
Targeted VLANs
.
Step 11
In the
VLAN ID
field, specify the VLAN IDs of the hosts you want to evaluate against the white list. This
can be any integer between 0 and 4095 for 802.1q VLANs.
Step 12
To add additional VLAN IDs, repeat steps
and
The host must be a member of one of the VLANs you specify to be evaluated against the white list.
Tip
To remove a network, host attribute restriction, or VLAN restriction, click the delete icon (
) next to
the element you want to delete.
Modifying Existing Targets
License:
FireSIGHT
After you modify a target, you must save the white list for your changes to take effect. Note that if you
modify a target in a white list that is used by an active correlation policy, after you save the white list,
any new target hosts are evaluated for compliance. However, this evaluation does not generate white list
events. In addition, the system changes the white list host attribute of previously valid targets to
modify a target in a white list that is used by an active correlation policy, after you save the white list,
any new target hosts are evaluated for compliance. However, this evaluation does not generate white list
events. In addition, the system changes the white list host attribute of previously valid targets to
Not
Evaluated
.
To modify an existing target:
Access:
Admin
Step 1
On the Create White List page, under
Targets
, click the target you want to modify.
The settings for the target appear.
Step 2
Make changes as needed.
You can rename the target, add or exclude additional networks, and add host attribute or VLAN
restrictions. For more information, see
restrictions. For more information, see
Deleting Existing Targets
License:
FireSIGHT
After you delete a target, you must save the white list for your changes to take effect. Note that if you
delete a target from a white list that is used by an active correlation policy, the system changes the white
list host attribute of previously valid targets to
delete a target from a white list that is used by an active correlation policy, the system changes the white
list host attribute of previously valid targets to
Not Evaluated
.