Cisco Cisco FirePOWER Appliance 7020
5-30
FireSIGHT System User Guide
Chapter 5 Managing Reusable Objects
Working with Variable Sets
• Adding ports to the excluded list negates the specified ports and port ranges. That is, you can match
any port with the exception of the excluded ports or port ranges.
• Excluded values must resolve to a subset of included values. For example, you cannot include the
port range 10-50 and exclude port 60. An error message warns you and identifies the offending
variable, and you cannot save your variable set when you exclude a value outside the range of
included values.
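The subset rule above, modeled as an added example (not code from the Cisco guide or the FireSIGHT System). The "10-50" string notation and every function name are assumptions made for illustration; the check also covers the case where an exclusion spans two adjacent included ranges.

```python
# Added illustration: a model of the include/exclude rule for port variables.
# The "10-50" notation and all names here are assumptions, not product syntax.

def parse_ports(spec):
    """Turn 'any', '80' or '10-50' into an inclusive (low, high) tuple."""
    if spec.strip().lower() == "any":
        return (0, 65535)
    low, _, high = spec.partition("-")
    low = int(low)
    high = int(high) if high else low
    if not (0 <= low <= high <= 65535):
        raise ValueError(f"invalid port or range: {spec!r}")
    return (low, high)

def merge(ranges):
    """Merge overlapping or adjacent ranges so coverage checks are exact."""
    merged = []
    for low, high in sorted(ranges):
        if merged and low <= merged[-1][1] + 1:
            merged[-1] = (merged[-1][0], max(merged[-1][1], high))
        else:
            merged.append((low, high))
    return merged

def offending_exclusions(included, excluded):
    """Return excluded specs that are not fully inside the included ports."""
    cover = merge(parse_ports(s) for s in included)
    bad = []
    for spec in excluded:
        low, high = parse_ports(spec)
        if not any(c_low <= low and high <= c_high for c_low, c_high in cover):
            bad.append(spec)
    return bad

def effective_ports(included, excluded):
    """Ports matched after exclusions; refuses to 'save' an invalid variable."""
    bad = offending_exclusions(included, excluded)
    if bad:
        raise ValueError(f"excluded values outside included range: {bad}")
    removed = set()
    for spec in excluded:
        low, high = parse_ports(spec)
        removed.update(range(low, high + 1))
    return [p for low, high in merge(parse_ports(s) for s in included)
            for p in range(low, high + 1) if p not in removed]
```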
For information on adding and editing port variables, see
Resetting Variables
License: Protection
You can reset a variable to its default value on the variable set new or edit variables page. The following
table summarizes the basic principles of resetting variables.
Resetting a variable in a custom set simply resets it to the current value for that variable in the default set.
Conversely, resetting or modifying the value of a variable in the default set always updates the default
value of that variable in all custom sets. When the reset icon is grayed out, indicating that you cannot
reset the variable, this means that the variable has no customized value in that set. Unless you have
customized the value for a variable in a custom set, a change to the variable in the default set updates the
value used in any intrusion policy where you have linked the variable set.
Note
It is good practice when you modify a variable in the default set to assess how the change affects any
intrusion policy that uses the variable in a linked custom set, especially when you have not
customized the variable value in the custom set.
You can hover your pointer over the reset icon in a variable set to see the reset value. When the
customized value and the reset value are the same, this indicates one of the following:
• you are in the custom or default set where you added the variable with the value any
• you are in the custom set where you added the variable with an explicit value and elected to use the
configured value as the default value
Linking Variable Sets to Intrusion Policies
License: Control
By default, the FireSIGHT System links the default variable set to all intrusion policies used in an access
control policy. When you apply an access control policy that uses an intrusion policy, intrusion rules that
you have enabled in the intrusion policy use the variable values in the linked variable set.
Table 5-6 Variable Reset Values

| Resetting this variable type... | In this set type... | Resets it to... |
|---|---|---|
| default | default | the rule update value |
| user-defined | default | any |
| default or user-defined | custom | the current default set value (modified or unmodified) |