Cisco Firepower Management Center 4000

Glossary
FireSIGHT System User Guide
 
rule
A construct, usually within a 
, that provides criteria against which network traffic is examined.
rule action
A setting that determines how the system handles network traffic that meets the conditions of a rule. See 
 and 
rule state
 is enabled (set to Generate Events or Drop and Generate Events), or disabled 
(set to Disable) within an 
. If you enable a rule, it is used to evaluate your network traffic; 
if you disable a rule, it is not used.
rule update
An as-needed 
 update that contains new and update
s, 
s, and preprocessor rules. A rule update may also delete rules, modify default intrusion policy 
settings, and add or delete default variables and rule categories.
scheduled task
An administrative task that you can schedule to run once or at recurring intervals.
Security Intelligence
A feature that allows you to specify the traffic that can traverse your network, per 
based on the source or destination IP address. This is especially useful if you want to blacklist—deny 
traffic to and from—specific IP addresses, before the traffic is subjected to analysis by 
s. Optionally, you can use a 
 setting for Security Intelligence filtering, which allows the 
system to analyze connections that would have been blacklisted, but also logs the match to the blacklist.
Security Intelligence blacklist
In an 
, a list of IP addresses that allows you to deny traffic to and from those hosts, 
before the traffic is subjected to analysis by 
s. A blacklist is comprised of 
s, including th
. An access control policy’s 
 overrides its blacklist.
Security Intelligence feed
One of the types of 
s, a dynamic collection of IP addresses that the system 
downloads on a regular basis, at an interval you configure. Because feeds are regularly updated, using 
them ensures that the system uses up-to-date information to filter your network traffic using the 
 feature. See also 
Security Intelligence list
A simple static collection of IP addresses that you manually upload to the Defense Center as a 
. Use lists to augment and fine-tune 
s as well as the 
 and