Cisco FirePOWER Appliance 7020
FireSIGHT System User Guide
Chapter 27 Using the FireSIGHT System as a Compliance Tool
Creating Compliance White Lists
Make sure to specify a network that you configured the system to monitor in the network discovery
policy. For information on using IP address notation in the FireSIGHT System, see .
Tip: To survey the entire monitored network, use the default values of 0.0.0.0/0 and ::/0.
Step 5: Click OK.
The Create White List page appears.
The white list is pre-populated; its targets are the hosts in the network you surveyed and its allowed host
profiles are those of the targets.
Step 6: To survey additional networks, click Target Network and repeat steps for each additional network
you want to survey.
Surveying an additional network can add additional allowed clients, application protocols, web
applications, and protocols to the host profiles that already exist, and can create additional host profiles
if the survey detects hosts running operating systems that were not detected during the initial survey.
Surveying an additional network also adds a target to the white list that represents the hosts in the
network segment that you surveyed. You can then edit or delete this target.
Step 7: Continue with the next section,
Providing Basic White List Information
License: FireSIGHT
You must give each white list a name, and, optionally, a short description. In addition, you can choose
whether jailbroken mobile devices should cause a white list violation.
To provide basic white list information:
Access: Admin
Step 1: In the Name field, type a name for the new white list.
Step 2: In the Description field, type a short description of the white list.
Step 3: To allow jailbroken mobile devices on your network, enable Allow Jailbroken Mobile Devices. To cause all
jailbroken devices evaluated by the white list to generate a white list violation, disable the option.
Step 4: Continue with the next section,
Configuring Compliance White List Targets
License: FireSIGHT
When you create a compliance white list, you must specify the portions of your network it applies to.
You can use a white list to evaluate all the hosts on your monitored network, or you can restrict the white
list to evaluate only certain network segments or even individual hosts. You can further restrict the white
list so that it evaluates only hosts that have a certain host attribute or that belong to a certain VLAN. A