Cisco Cisco FirePOWER Appliance 7020
20-20
FireSIGHT System User Guide
Chapter 20 Configuring Intrusion Policies
Understanding the Base Policy
Accepting Rule Setting Changes from a Custom Base Policy
License:
Protection
When you set event filters, dynamic states, and alerting for selected rules in a custom policy that you use
as your base policy, then remove those settings in the policy that uses the custom policy as its base policy,
your intrusion policy ignores subsequent setting changes that you make to the affected rules in the
custom policy you use as your base policy.
as your base policy, then remove those settings in the policy that uses the custom policy as its base policy,
your intrusion policy ignores subsequent setting changes that you make to the affected rules in the
custom policy you use as your base policy.
The following procedure explains how to set a policy where you have not added layers to accept changes
to rule settings that you make in the custom policy that you use as your base policy. See
to rule settings that you make in the custom policy that you use as your base policy. See
layers.
To accept rule setting changes in a policy where you have not added layers:
Access:
Admin/Intrusion Admin
Step 1
Select
Policies > Intrusion > Intrusion Policy
.
The Intrusion Policy page appears.
Step 2
Click the edit icon (
) next to the intrusion policy where you want to unblock settings.
If you have unsaved changes in another policy, click
OK
to discard those changes and continue. See
for information on saving unsaved changes in another
policy.
The Policy Information page appears.
Step 3
Expand
Policy Layers
in the navigation panel.
Step 4
Expand the link beneath
Policy Layers
, which is named
My Changes
if you have not renamed it.
Step 5
Click
Rules
beneath
My Changes
.
The Rules page for My Changes appears.
Step 6
Locate the rule or rules whose settings you want to accept. You have the following options:
•
To sort the current display, click on a column heading or icon. To reverse the sort, click again.
•
Construct a filter by clicking on keywords or arguments in the filter panel on the left. For more
information, see
information, see
.
The page refreshes to display all matching rules.
Step 7
Select the rule or rules whose settings you want to accept. You have the following options:
•
To select a specific rule, select the check box next to the rule.
•
To select all the rules in the current list, select the check box at the top of the column.
Step 8
Select
Inherit
from the
Rule State
drop-down list.
Step 9
Save your policy, continue editing, discard your changes, or exit while leaving your changes in the
system cache. See the
system cache. See the
table for more information.