для Cisco Cisco Firepower Management Center 4000
22-2
FireSIGHT System User Guide
Chapter 22 Using Advanced Settings in an Intrusion Policy
Modifying Advanced Settings
An advanced setting must be enabled for you to configure it. Your configuration is retained if you
configure an advanced setting and then disable it. When you enable an advanced setting, a sublink to the
configuration page for the advanced setting appears beneath the
configure an advanced setting and then disable it. When you enable an advanced setting, a sublink to the
configuration page for the advanced setting appears beneath the
Advanced Settings
link in the navigation
panel, and an
Edit
link to the configuration page appears next to the advanced setting on the Advanced
Settings page. When you disable an advanced setting, the advanced setting sublink and
Edit
link no longer
appear.
Tip
You cannot disable the Performance Statistics Configuration advanced setting. This ensures that Support
can troubleshoot your system.
can troubleshoot your system.
Modifying the configuration of an advanced setting requires an understanding of the configuration you
are modifying and its potential impact on your network. The following sections provide links to specific
configuration details for each advanced setting.
are modifying and its potential impact on your network. The following sections provide links to specific
configuration details for each advanced setting.
Application Layer Preprocessors
Application-layer protocol decoders normalize specific types of packet data into formats that the rules
engine can analyze. See the following table for more information.
engine can analyze. See the following table for more information.
SCADA Preprocessors
The Modbus and DNP3 preprocessors detect traffic anomalies and provide data to the rules engine for
inspection.
inspection.
Table 22-1
Application Layer Preprocessor Settings
For information on...
See...
DCE/RPC Configuration
DNS Configuration
FTP and Telnet Configuration
HTTP Configuration
Sun RPC Configuration
SIP Configuration
GTP Command Channel Configuration
IMAP Configuration
POP Configuration
SMTP Configuration
SSH Configuration
SSL Configuration
Table 22-2
SCADA Preprocessor Settings
For information on...
See...
Modbus Configuration
DNP3 Configuration