For Cisco Firepower Management Center 4000
27-16
FireSIGHT System User Guide
Chapter 27 Using the FireSIGHT System as a Compliance Tool
Creating Compliance White Lists
Step 3
From the Type drop-down list, select the application protocol type. For custom application protocols, select any.
Step 4
Specify the application protocol port. You have two options:
• To allow the application protocol to run on any port, check the Any port check box.
• To allow the application protocol to run only on a specific port, type the port number in the port field.
Step 5
From the Protocol drop-down list, select the protocol: TCP or UDP.
Step 6
Optionally, in the Vendor and Version fields, specify a vendor and version for the application protocol.
If you do not specify a vendor or version, the white list allows all vendors and versions as long as the type and protocol match. Note that if you restrict the vendor and version, you must make sure to specify them exactly as they would appear in an event view or in the application protocols network map.
Step 7
Click OK.
The application protocol is added. Note that you must save the white list for your changes to take effect.
If you added an application protocol to a white list that is used by an active correlation policy, after you save the white list, the target hosts are re-evaluated. Although this re-evaluation may bring some hosts into compliance, it does not generate any white list events.
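The matching rules in Steps 3 through 6 can be modelled as follows. This is an added illustration, not Cisco code or a FireSIGHT API: the class and field names are hypothetical, the observed services are constructed sample data, and treating the type any as matching every type and comparing vendor and version case-sensitively are assumptions of the model.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class AllowedProtocol:
    """One allowed application protocol entry (fields mirror Steps 3-6)."""
    type: str                      # application protocol type, or "any"
    protocol: str                  # "TCP" or "UDP"
    port: Optional[int] = None     # None models the "Any port" check box
    vendor: Optional[str] = None   # None = all vendors allowed
    version: Optional[str] = None  # None = all versions allowed

@dataclass(frozen=True)
class Observed:
    """An application protocol as seen on a host (constructed sample data)."""
    type: str
    protocol: str
    port: int
    vendor: str
    version: str

def entry_allows(entry: AllowedProtocol, seen: Observed) -> bool:
    # Assumption: type "any" matches every type; otherwise the type must match.
    if entry.type != "any" and entry.type != seen.type:
        return False
    if entry.protocol != seen.protocol:
        return False
    if entry.port is not None and entry.port != seen.port:
        return False
    # Vendor and version are compared exactly: no trimming, no case folding.
    if entry.vendor is not None and entry.vendor != seen.vendor:
        return False
    if entry.version is not None and entry.version != seen.version:
        return False
    return True

def violations(entries, observed):
    """Return the observed protocols that no white list entry allows."""
    return [o for o in observed if not any(entry_allows(e, o) for e in entries)]

# Constructed sample: services as an event view might list them.
OBSERVED = [
    Observed("SSH", "TCP", 22, "OpenSSH", "5.3"),
    Observed("SSH", "TCP", 2222, "OpenSSH", "5.3"),
    Observed("HTTP", "TCP", 80, "Apache", "2.2.15"),
]
# Loose entries: no vendor/version, SSH on any port.
LOOSE = [AllowedProtocol("SSH", "TCP"), AllowedProtocol("HTTP", "TCP", port=80)]
# Strict entries: the vendor "openssh" is not written as it appears ("OpenSSH").
STRICT = [AllowedProtocol("SSH", "TCP", port=22, vendor="openssh", version="5.3"),
          AllowedProtocol("HTTP", "TCP", port=80, vendor="Apache", version="2.2.15")]
```

With the strict entries, both SSH services fall out of compliance in this model: one because of the port restriction, and the port 22 service solely because the vendor string does not match what was observed.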
Adding a Client to a Host Profile
License: FireSIGHT
You can configure a compliance white list, using either a shared host profile or a host profile that belongs to a single white list, to allow certain client applications to run on specific operating systems. You can also configure a white list to allow certain clients to run on any valid target; these are called globally allowed clients.
Optionally, you can require that the client be a specific version. For example, you could allow only Microsoft Internet Explorer 8.0 to run on Microsoft Windows hosts.
To add a client to a compliance white list host profile:
Access: Admin
Step 1
While you are creating or modifying a white list host profile, click the add icon next to Allowed Clients (or next to Globally Allowed Clients if you are modifying the Any Operating System host profile).
A pop-up window appears. The clients listed are:
• clients that you created within the white list
• clients that were running on hosts in the network map when you surveyed your networks as described in
• clients that are used by other host profiles in the white list, which may include built-in clients created by the VRT for use in the default white list
Step 2
You have two options:
• To add a client already in the list, select it and click OK. Use Ctrl or Shift while clicking to select multiple clients. You can also click and drag to select multiple adjacent clients.