Cisco Cisco FirePOWER Appliance 7020
FireSIGHT System User Guide
Chapter 27 Using the FireSIGHT System as a Compliance Tool
Creating Compliance White Lists
When you create a white list, you can survey either your entire network or a specific network segment.
Surveying the network populates the white list with one host profile for each operating system that the
system has detected on the network segment. By default, these host profiles allow all of the clients,
application protocols, web applications, and protocols that the system has detected on the applicable
operating systems.
Then, you must specify the targets of the white list. You can configure a white list to evaluate all the
hosts on your monitored network, or you can restrict the white list to evaluate only certain network
segments or even individual hosts. You can further restrict the white list so that it evaluates only hosts
that have a certain host attribute or that belong to a certain VLAN. If you surveyed your network, by
default the network segment that you surveyed represents the white list targets. You can edit or delete
the surveyed network, or you can add new targets.
Next, create host profiles that represent compliant hosts. Host profiles in a white list specify which
operating systems, clients, application protocols, web applications, and protocols are allowed to run on
the target hosts. You can configure the global host profile, edit the host profiles created by any network
survey you performed, as well as add new host profiles, and add and edit shared host profiles.
Finally, save the white list and add it to an active correlation policy. The system begins evaluating the
target hosts for compliance, generating white list events when a host violates the white list, and
triggering any responses you have configured to white list violations. For a more detailed introduction
to compliance white lists, see
Tip
You can also create a white list from a table view of hosts. For more information, see
To create a compliance white list:
Access: Admin
Step 1 Select Policies > Correlation, then click White List.
The White List page appears.
Step 2 Click New White List.
The Survey Network page appears.
Step 3 Optionally, survey your network:
• To survey your network, see
• To create a white list without surveying your network, click Skip and continue with the next step.
The Create White List page appears.
Step 4 In the Name field, type a name for the new white list.
Step 5 In the Description field, type a short description of the white list.
Step 6 To allow jailbroken mobile devices on your network, enable Allow Jailbroken Mobile Devices. To cause all jailbroken devices evaluated by the white list to generate a white list violation, disable the option.
Step 7 Specify the targets for the white list. You can edit or delete the targets created by a network survey as well as add new targets. Optionally, further restrict targets based on host attributes or VLAN ID. For more information, see .
Step 8 Create host profiles that represent compliant hosts. You can configure the global host profile, edit the host profiles created by a network survey, as well as add new host profiles and add and edit shared host profiles. For more information, see .
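The following added example (not Cisco code and not part of the guide) models how a surveyed white list, its targets, and its host profiles interact, and why surveyed profiles deserve review: the survey allows whatever was already running. The data structures, field names, and sample hosts are hypothetical, only two profile categories are modeled, and treating an operating system with no host profile as a violation is an assumption.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Optional

KINDS = ("clients", "app_protocols")  # two of the categories a host profile covers

@dataclass
class WhiteList:
    targets: list                                 # CIDR strings to evaluate
    profiles: dict = field(default_factory=dict)  # OS -> {kind: allowed names}
    vlan: Optional[int] = None                    # optional VLAN restriction
    allow_jailbroken: bool = False

    def is_target(self, host):
        in_net = any(ip_address(host["ip"]) in ip_network(t) for t in self.targets)
        return in_net and (self.vlan is None or host.get("vlan") == self.vlan)

    def evaluate(self, host):
        """None for a non-target host, else a list of violations (empty = compliant)."""
        if not self.is_target(host):
            return None
        jailbreak = host.get("jailbroken") and not self.allow_jailbroken
        found = ["jailbroken mobile device"] if jailbreak else []
        profile = self.profiles.get(host["os"])
        if profile is None:  # assumption: an OS with no host profile is not allowed
            return found + ["os not allowed: " + host["os"]]
        return found + [f"{k} not allowed: {n}" for k in KINDS
                        for n in sorted(set(host.get(k, ())) - profile[k])]

def survey(segment, hosts):
    """One profile per OS detected in the segment, allowing everything seen on it."""
    wl = WhiteList(targets=[segment])
    for h in filter(wl.is_target, hosts):
        prof = wl.profiles.setdefault(h["os"], {k: set() for k in KINDS})
        for k in KINDS:
            prof[k].update(h.get(k, ()))
    return wl

HOSTS = [  # constructed sample hosts, not output from a real appliance
    {"ip": "10.4.1.5", "vlan": 20, "os": "Windows", "clients": ["Firefox"], "app_protocols": ["HTTP"]},
    {"ip": "10.4.1.9", "vlan": 20, "os": "Windows", "clients": ["Firefox"], "app_protocols": ["Telnet"]},
    {"ip": "10.4.2.7", "vlan": 20, "os": "iOS", "jailbroken": True, "clients": ["Safari"]},
    {"ip": "10.9.0.3", "vlan": 30, "os": "Linux", "app_protocols": ["SSH"]},
]

def demo():
    wl = survey("10.4.0.0/16", HOSTS)
    before = [wl.evaluate(h) for h in HOSTS]
    wl.profiles["Windows"]["app_protocols"].discard("Telnet")  # tighten after review
    return before, [wl.evaluate(h) for h in HOSTS]
```

In this model the Telnet host is compliant immediately after the survey and only becomes a violation once the surveyed Windows profile is edited, while the host outside the surveyed segment is never evaluated.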