Cisco FirePOWER Appliance 8120
Glossary
FireSIGHT System User Guide
rule
A construct, usually within a
, that provides criteria against which network traffic is examined.
rule action
A setting that determines how the system handles network traffic that meets the conditions of a rule. See
and
rule state
is enabled (set to Generate Events or Drop and Generate Events), or disabled
(set to Disable) within an
. If you enable a rule, it is used to evaluate your network traffic;
if you disable a rule, it is not used.
rule update
An as-needed
s,
s, and preprocessor rules. A rule update may also delete rules, modify default intrusion policy
settings, and add or delete default variables and rule categories.
scheduled task
An administrative task that you can schedule to run once or at recurring intervals.
Security Intelligence
A feature that allows you to specify the traffic that can traverse your network, per
based on the source or destination IP address. This is especially useful if you want to blacklist—deny
traffic to and from—specific IP addresses, before the traffic is subjected to analysis by
s. Optionally, you can use a
setting for Security Intelligence filtering, which allows the
system to analyze connections that would have been blacklisted, but also logs the match to the blacklist.
Security Intelligence blacklist
In an
, a list of IP addresses that allows you to deny traffic to and from those hosts,
before the traffic is subjected to analysis by
s. A blacklist is comprised of
s, including the
. An access control policy’s
overrides its blacklist.
Security Intelligence feed
One of the types of
s, a dynamic collection of IP addresses that the system
downloads on a regular basis, at an interval you configure. Because feeds are regularly updated, using
them ensures that the system uses up-to-date information to filter your network traffic using the
feature. See also
Security Intelligence list
A simple static collection of IP addresses that you manually upload to the Defense Center as a
. Use lists to augment and fine-tune
s as well as the
and