for Cisco Firepower Management Center 4000
FireSIGHT System User Guide
Chapter 5 Managing Reusable Objects
Working with Variable Sets
Understanding Variable Sets
License: Protection
Adding a variable to any set adds it to all sets; that is, each variable set is a collection of all variables
currently configured on your system. Within any variable set, you can add user-defined variables and
customize the value of any variable.
Initially, the FireSIGHT System provides a single, default variable set comprised of predefined default
values. Each variable in the default set is initially set to its default value, which for a predefined variable
is the value set by the VRT and provided in rule updates.
Although you can leave predefined default variables configured to their default values, Cisco
recommends that you modify a subset of predefined variables as described in
You could work with variables only in the default set, but in many cases you can benefit most by adding
one or more custom sets, configuring different variable values in different sets, and perhaps even adding
new variables.
When using multiple sets, it is important to remember that the current value of any variable in the default
set determines the default value of the variable in all other sets.
Example: Adding a User-Defined Variable to the Default Set
The following diagram illustrates set interactions when you add the user-defined variable Var1 to the default set with the value 192.168.1.0/24.
Table 5-2 Variables Provided by Cisco (continued)

| Variable Name | Description | Modify? |
| --- | --- | --- |
| $SSH_SERVERS | Defines SSH servers on your network, and is used in rules that address SSH-targeted exploits. | Yes, if you run SSH servers, you should adequately define $HOME_NET and then include $HOME_NET as the value for $SSH_SERVERS. |
| $TELNET_SERVERS | Defines known Telnet servers on your network, and is used in rules that address Telnet server-targeted exploits. | Yes, if you run Telnet servers. |
| $USER_CONF | Provides a general tool that allows you to configure one or more features not otherwise available via the web interface. See . Caution: Conflicting or duplicate $USER_CONF configurations will halt the system. See | No, only as instructed in a feature description or with the guidance of Support. |
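The set behaviour described in this section and the $HOME_NET / $SSH_SERVERS guidance in Table 5-2 can be modelled in a few lines. This is an added illustration, not Cisco code or the product's implementation. It assumes that an uncustomized variable in a set takes its default value, that values are comma-separated CIDR blocks or $NAME references, and that references resolve within the same set. The class, the method names, the set names and all addresses other than 192.168.1.0/24 are constructed.

```python
import ipaddress

class VariableSets:
    """Toy model of the set behaviour described above; not Cisco code."""
    def __init__(self):
        self.default = {}   # variable -> current value in the default set
        self.custom = {}    # custom set name -> {variable: customized value}

    def add_set(self, name):
        self.custom[name] = {}

    def set_default(self, var, value):
        # The default set's current value is the default value in all other sets.
        self.default[var] = value

    def customize(self, set_name, var, value):
        if var not in self.default:
            raise KeyError(f"{var} is not defined")
        self.custom[set_name][var] = value

    def value(self, set_name, var):
        # Assumption: an uncustomized variable takes its default value.
        overrides = self.custom.get(set_name, {})
        return overrides.get(var, self.default[var])

    def resolve(self, set_name, var, seen=()):
        # Assumption: values are comma-separated CIDRs or $NAME references,
        # and references are looked up in the same set.
        if var in seen:
            raise ValueError(f"circular reference through {var}")
        nets = []
        for item in self.value(set_name, var).split(","):
            item = item.strip()
            if item.startswith("$"):
                nets += self.resolve(set_name, item[1:], seen + (var,))
            else:
                nets.append(ipaddress.ip_network(item))
        return nets

def build_example():
    vs = VariableSets()
    vs.add_set("Custom Set 1")                               # hypothetical set names
    vs.add_set("Custom Set 2")
    vs.set_default("Var1", "192.168.1.0/24")                 # value from the text
    vs.customize("Custom Set 2", "Var1", "192.168.2.0/24")   # constructed
    vs.set_default("HOME_NET", "10.1.0.0/16")                # constructed
    vs.set_default("SSH_SERVERS", "$HOME_NET")               # as Table 5-2 advises
    vs.customize("Custom Set 1", "HOME_NET", "10.2.0.0/16,10.3.0.0/16")
    return vs
```

Because $SSH_SERVERS is defined as $HOME_NET, a set that customizes $HOME_NET changes the networks its SSH rules cover without touching $SSH_SERVERS itself.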