For Cisco Firepower Management Center 4000
FireSIGHT System User Guide
Chapter 28 Detecting Specific Threats
Detecting Sensitive Data
Step 1
Select Policies > Intrusion > Intrusion Policy.
The Intrusion Policy page appears.
Step 2
Click the edit icon next to the policy you want to edit.
If you have unsaved changes in another policy, click OK to discard those changes and continue. See for information on saving unsaved changes in another policy.
The Policy Information page appears.
Step 3
Click Advanced Settings in the navigation panel on the left.
The Advanced Settings page appears.
Step 4
You have two choices, depending on whether Sensitive Data Detection under Specific Threat Detection is enabled:
• If the configuration is enabled, click Edit.
• If the configuration is disabled, click Enabled, then click Edit.
The Sensitive Data Detection page appears.
A message at the bottom of the page identifies the intrusion policy layer that contains the configuration. See for more information.
Step 5
You have the following options:
• To create a custom data type, click the + sign next to Data Types on the left side of the page. The Add Data Type pop-up window appears.
Specify a unique data type name and the pattern you want to detect with this data type and click OK, or click Cancel to abandon your edits. See for more information.
The Sensitive Data Detection page appears. If you clicked OK, the page updates to display your changes.
• To modify any of the options that are common to predefined and custom data types, click the data type name in the Targets page area.
The Configuration page area updates to display the current settings for the data type. See for more information.
• To edit the system-wide name and data pattern for a custom data type, see .
• To delete a custom data type, click the delete icon next to the data type you want to remove and then click OK, or click Cancel to abandon deleting the data type.
Note that you cannot delete a data type when the sensitive data rule for that data type is enabled in any intrusion policy. Deleting a custom data type deletes it from all intrusion policies.
Editing Custom Data Type Names and Detection Patterns
License: Protection