Cisco Cisco FirePOWER Appliance 7020
13-8
FireSIGHT System User Guide
Chapter 13 Using Access Control Policies
Configuring Policies
• To send connection events to syslog, select Syslog, then select a syslog alert response from the drop-down list. Optionally, you can configure a syslog alert response by clicking the add icon.
• To send connection events to an SNMP trap server, select SNMP Trap, then select an SNMP alert response from the drop-down list. Optionally, you can configure an SNMP alert response by clicking the add icon.
Step 6 Save your changes.
You must apply the access control policy for your changes to take effect; see
.
Using Custom User Roles with Access Control Policies
License: Any
As described in
, you can create custom user roles with
specialized access privileges. Custom user roles can have any set of menu-based and system permissions,
and may be completely original or based on a predefined user role. Custom roles for access
control-related features determine whether users can view, modify, and apply access control, intrusion,
and file policies, as well as insert or modify rules in the Administrator Rules or Root Rules categories.
The following table shows five example custom roles that determine how FireSIGHT System users
interact with access control features. The table lists, in the order they appear when creating custom user
roles, the privileges required for each custom role.
Note that the system can render the web interface differently depending on whether a user can apply both
access control policies and intrusion policies, only intrusion policies, or neither. For example, the
Intrusion Policies Applier in Table 13-4 can view access control policies and apply intrusion
policies, but cannot edit access control policies or intrusion policies, cannot apply access control
policies, and cannot view file policies. In the web interface:
Table 13-4  Example Access Control Custom Roles

Custom Role Permission          Access Control  Intrusion  File Policy  Policy Applier  Intrusion Policy
                                Editor          Editor     Editor       (All)           Applier
Access Control                  yes             no         no           yes             yes
Access Control List             yes             no         no           yes             yes
Modify Access Control Policy    yes             no         no           no              no
Apply Intrusion Policies        no              no         no           yes             yes
Apply Access Control Policies   no              no         no           yes             no
Intrusion                       no              yes        no           no              no
Intrusion Policy                no              yes        no           no              no
Modify Intrusion Policy         no              yes        no           no              no
File Policy                     no              no         yes          no              no
Modify File Policy              no              no         yes          no              no
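
Added example (not from the Cisco guide): Table 13-4 encoded as data in Python, with a check that no role can both modify and apply the same policy type, and a comparison of the two applier roles. The modify/apply pairing rule, the function names and the constructed "Editor+Applier" role are assumptions made for illustration.

```python
# Table 13-4 as data: permissions in row order, one y/n flag string per role column.
PERMISSIONS = [
    "Access Control", "Access Control List", "Modify Access Control Policy",
    "Apply Intrusion Policies", "Apply Access Control Policies",
    "Intrusion", "Intrusion Policy", "Modify Intrusion Policy",
    "File Policy", "Modify File Policy",
]
TABLE_13_4 = {
    "Access Control Editor":    "yyynnnnnnn",
    "Intrusion Editor":         "nnnnnyyynn",
    "File Policy Editor":       "nnnnnnnnyy",
    "Policy Applier (All)":     "yynyynnnnn",
    "Intrusion Policy Applier": "yynynnnnnn",
}

# Assumption (a review rule chosen for this example, not stated in the guide):
# one role should not be able to both edit and apply the same policy type.
MODIFY_APPLY_PAIRS = {
    "access control": ("Modify Access Control Policy", "Apply Access Control Policies"),
    "intrusion": ("Modify Intrusion Policy", "Apply Intrusion Policies"),
}

def granted(flags):
    """Return the set of permissions marked 'y' in a role's column."""
    if len(flags) != len(PERMISSIONS) or set(flags) - set("yn"):
        raise ValueError(f"malformed role column: {flags!r}")
    return {p for p, f in zip(PERMISSIONS, flags) if f == "y"}

def sod_conflicts(perms):
    """Policy types for which the permission set can both modify and apply."""
    return sorted(kind for kind, (modify, apply) in MODIFY_APPLY_PAIRS.items()
                  if modify in perms and apply in perms)

def audit(roles):
    """Map each role name to its modify+apply conflicts (empty list = clean)."""
    return {name: sod_conflicts(granted(flags)) for name, flags in roles.items()}

def extra_privileges(roles, wider, narrower):
    """Permissions the wider role holds that the narrower one does not."""
    return granted(roles[wider]) - granted(roles[narrower])

if __name__ == "__main__":
    # Constructed role for contrast: an editor that was also given apply rights.
    roles = {**TABLE_13_4, "Editor+Applier (constructed)": "yyynynnnnn"}
    for name, conflicts in audit(roles).items():
        print(f"{name:30} {'CONFLICT: ' + ', '.join(conflicts) if conflicts else 'ok'}")
    print(extra_privileges(roles, "Policy Applier (All)", "Intrusion Policy Applier"))
```

All five roles from the table pass the check; only the constructed role is flagged, and the single permission separating the two applier roles is Apply Access Control Policies.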