Cisco Firepower Management Center 2000

FireSIGHT System User Guide
 
Chapter 39      Configuring Correlation Policies and Rules
  Creating Correlation Policies
See 
Step 7
Click Save.
The policy is saved.
Note
You must activate the policy before it can generate correlation and white list events and launch 
responses to policy violations. For more information, see 
Providing Basic Policy Information
License: Any
You must give each policy an identifying name. Optionally, you can add a short description to the policy.
You can also assign a user-defined priority to your policy. If your correlation policy is violated, the 
resultant correlation events display the priority value you assign to the policy (unless the rule that was 
triggered has its own priority). 
Note
Rule and white list priorities override policy priorities. For more information, see 
.
To provide basic policy information:
Access: Admin/Discovery Admin
Step 1
On the Create Policy page, in the Policy Name field, type a name for the policy.
Step 2
In the Policy Description field, type a description for the policy.
Step 3
From the Default Priority drop-down list, select a priority for the policy.
You can select a priority value from 1 to 5, where 1 is highest and 5 is lowest. Or, you can select None to only use the priorities assigned to specific rules.
Step 4
Continue with the procedure in the next section, 
Adding Rules and White Lists to a Correlation Policy
License: Any
A correlation policy contains one or more correlation rules or white lists. When any rule or white list in 
a policy is violated, the system logs an event to the database. If you assigned one or more responses to 
the rule or white list, those responses are launched.
The following graphic shows a correlation policy composed of a compliance white list and a set of 
correlation rules, configured with a variety of responses.