For Cisco Firepower Management Center 4000
FireSIGHT System User Guide
Chapter 22 Using Advanced Settings in an Intrusion Policy
Modifying Advanced Settings
Transport/Network Layer Preprocessors
Network and transport layer preprocessors detect exploits at the network and transport layers. Before
packets are sent to preprocessors, the packet decoder converts packet headers and payloads into a format
that can be easily used by the preprocessors and the rules engine; it also detects various anomalous
behaviors in packet headers.
Specific Threat Detection
The Back Orifice preprocessor analyzes UDP traffic for the Back Orifice magic cookie. The portscan
detector can be configured to report scan activity. Rate-based attack prevention can help you protect your
network against SYN floods and an extreme number of simultaneous connections designed to
overwhelm your network. The sensitive data preprocessor detects sensitive data such as credit card
numbers and Social Security numbers in ASCII text.
Detection Enhancement
With adaptive profiles, the system can adapt to network traffic by associating traffic with host
information from the network map and then processing the traffic accordingly.
Intrusion Rule Thresholds
Global rule thresholding can prevent your system from being overwhelmed with a large number of events
by allowing you to use thresholds to limit the number of times the system logs and displays intrusion
events.
Table 22-3 Transport and Network Layer Preprocessor Settings
For information on...
See...
Checksum Verification
Detection Settings
Inline Normalization
IP Defragmentation
Packet Decoding
TCP Stream Configuration
UDP Stream Configuration
Table 22-4 Specific Threat Detection Settings
For information on...
See...
Back Orifice Detection
Portscan Detection
Rate-Based Attack Prevention
Sensitive Data Detection
Table 22-5 Detection Enhancement Settings
For information on...
See...
Adaptive Profiles