Cisco Cisco FirePOWER Appliance 7020
FireSIGHT System User Guide
Chapter 17 Introduction to Intrusion Prevention
The Benefits of Custom Intrusion Policies
Within the intrusion policy, you can also set suppression levels and thresholds to control how frequently
you are notified of intrusion events. You can choose to suppress event notifications and set thresholds
for individual rules or entire intrusion policies. For more information, see
,
and
.
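The following is an added example, not taken from the Cisco guide, that models how a per-rule threshold and a suppression change the number of notifications. It assumes the three Snort event-filter types (limit, threshold, both), which this page does not list, and uses a simplified fixed-window model; the function name, addresses and event times are constructed for illustration.

```python
from collections import defaultdict

def notifications(events, kind, count, seconds, suppress=frozenset()):
    """Return the (time, src) events that would still produce a notification.

    events   -- (time_in_seconds, source_ip) pairs generated by ONE rule
    kind     -- "limit", "threshold" or "both", tracked by source
    suppress -- sources whose events never produce a notification
    Simplified model (an assumption): each source gets fixed windows of
    `seconds`, opened by its first event after the previous window ended.
    """
    if kind not in ("limit", "threshold", "both"):
        raise ValueError(f"unknown threshold type: {kind}")
    window_start = {}           # source -> start time of its current window
    seen = defaultdict(int)     # source -> events counted in that window
    kept = []
    for ts, src in sorted(events):
        if src in suppress:     # suppression: event is never notified
            continue
        if src not in window_start or ts - window_start[src] >= seconds:
            window_start[src] = ts
            seen[src] = 0
        seen[src] += 1
        n = seen[src]
        if kind == "limit":         # first `count` events per window
            fire = n <= count
        elif kind == "threshold":   # every `count`-th event in the window
            fire = n % count == 0
        else:                       # "both": once per window, at event `count`
            fire = n == count
        if fire:
            kept.append((ts, src))
    return kept

# Constructed sample: one noisy host every 5 s for 75 s, plus three events
# from an internal scanner that the policy suppresses.
NOISY = "10.0.0.5"
SCANNER = "10.0.0.9"
EVENTS = [(t, NOISY) for t in range(0, 75, 5)] + [(t, SCANNER) for t in (1, 2, 3)]

if __name__ == "__main__":
    for kind in ("limit", "threshold", "both"):
        kept = notifications(EVENTS, kind, count=3, seconds=60, suppress={SCANNER})
        print(f"{kind:9} {len(kept)} of {len(EVENTS)} notified: {[t for t, _ in kept]}")
```

Comparing the three outputs on the same event stream shows the trade-off when tuning: "both" gives the fewest notifications but hides how long the activity continued inside each window.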
Specifying the protocol analysis, data normalization, and traffic inspection performed by the system and
saving this configuration as a whole allows you to control the kind of information the system provides
you to best meet your enterprise security needs. It also provides a simple mechanism for changing as
much or little of your policy as needed to continue to detect new attacks and exploits.
You can also tune rules in the following ways:
• Modify existing rules, if necessary, using the rule editor so that the rules correspond to your
network infrastructure.
• Write new standard text rules as needed using the Snort language and the rule editor to catch new
exploits or to enforce your security policies.
For details on rule keywords, their arguments and syntax, and how to tune your rule set, see
.