Cisco Cisco FirePOWER Appliance 8360
23-11
FireSIGHT System User Guide
Chapter 23 Using Layers in an Intrusion Policy
Configuring User Layers
To configure layers in your intrusion policy:
Access:
Admin/Intrusion Admin
Step 1
Select
Policies > Intrusion > Intrusion Policy
.
The Intrusion Policy page appears.
Step 2
Click the edit icon (
) next to the policy you want to edit.
If you have unsaved changes in another policy, click
OK
to discard those changes and continue. See
for information on saving unsaved changes in another
policy.
display the Layer summary
page for a layer
page for a layer
click the layer name in the summary for the layer.
The Layer summary page for the layer appears.
From this page you can modify the layer name and description, set the layer to be shared by other
intrusion policies, configure advanced settings states, and access advanced settings
configuration pages. You can also display filtered Rules page views of rules whose states are set
in the layer; you can display filtered views for all rules or by rule state. See
intrusion policies, configure advanced settings states, and access advanced settings
configuration pages. You can also display filtered Rules page views of rules whose states are set
in the layer; you can display filtered views for all rules or by rule state. See
,
, and
for more information.
Note that, alternatively, you can click the view icon (
) to access the Layer summary page a
shared layer. Note also that the Layer summary page for a shared layer is read-only.
display the Layer summary
page for the base policy
page for the base policy
click the base policy name in the base policy summary.
The Layer summary page for the base policy appears.
From this page you can select a different base policy for your intrusion policy and specify
whether changes in an imported rule update your intrusion policy. You can view which advanced
settings are enabled or disabled in your base policy and access read-only configuration pages
showing the default configurations of advanced settings in the policy. Status messages give the
number of rules enabled in the policy and the number set to generate events and to drop packets
and generate events. From this page you can access a read-only view of the Rules page showing
the settings for all rules in the base policy. See
whether changes in an imported rule update your intrusion policy. You can view which advanced
settings are enabled or disabled in your base policy and access read-only configuration pages
showing the default configurations of advanced settings in the policy. Status messages give the
number of rules enabled in the policy and the number set to generate events and to drop packets
and generate events. From this page you can access a read-only view of the Rules page showing
the settings for all rules in the base policy. See
, and
for more information.
display a layer-level
advanced setting
configuration page
advanced setting
configuration page
click the advanced setting name in the summary for the layer.
Note that configuration pages are read-only in the base policy and in shared layers. See
and
, and for more information.
display rules in a layer by
rule state type
rule state type
click the icon for drop and generate events (
), generate events (
), or disabled (
) in the
summary for the layer, or on the description next to the icon for the rule state type you want to
display.
display.
Note that disabled rules are not displayed for the base policy or the Policy Summary. Note also
that each layer summary provides the total number of rules enabled (that is, the total set to
generate events or to drop and generate events) in the layer, and the total for each enabled rule
state. Also, note that the base policy rule state totals are the default enabled rule state settings
in the policy, and the Policy Summary totals are the effective sum of all enabled rule states for
all layers in the policy.
that each layer summary provides the total number of rules enabled (that is, the total set to
generate events or to drop and generate events) in the layer, and the total for each enabled rule
state. Also, note that the base policy rule state totals are the default enabled rule state settings
in the policy, and the Policy Summary totals are the effective sum of all enabled rule states for
all layers in the policy.
Table 23-3
Policy Layer Configuration Actions (continued)
To...
You can...