For Cisco Firepower Management Center 4000

FireSIGHT System User Guide

Chapter 39: Configuring Correlation Policies and Rules
Creating Rules for Correlation Policies

When you create either correlation rule trigger criteria, host profile qualifications, user qualifications, or connection trackers, the syntax varies but the mechanics remain consistent. For more information, see .

To create a correlation rule:

Access: Admin/Discovery Admin

Step 1  Select Policies > Correlation, then select the Rule Management tab.
        The Rule Management page appears.

Step 2  Click Create Rule.
        The Create Rule page appears.

Step 3  Provide basic rule information, such as the rule name, description, and group.
        See .

Step 4  Specify the basic criteria on which you want the rule to trigger.
        See .

Step 5  Optionally, add a host profile qualification to the rule.
        See .

Step 6  Optionally, add a connection tracker to the rule.
        See .

Step 7  Optionally, add a user qualification to the rule.
        See .

Step 8  Optionally, add an inactive period or snooze period (or both) to the rule.
        See .

Step 9  Click Save Rule.
        The rule is saved. You can now use the rule within correlation policies or within other correlation rules that trigger on the same event type.

Table 39-1  License Requirements for Building Correlation Rules (continued)

| To... | You need this license... |
|---|---|
| trigger a correlation rule on a connection event with URL data, or build a connection tracker using URL data. Note that neither Series 2 devices nor the DC500 Defense Center support URL filtering by category or reputation, and Series 2 devices do not support URL filtering by literal URL or URL group. | URL Filtering |
| trigger a correlation rule on a malware event based on network-based malware data or retrospective network-based malware data. Note that neither Series 2 devices nor the DC500 Defense Center support network-based malware protection. | Malware |