I have noticed that after a rule update, rules in "Drop and Generate Events" mode are added to the Base Intrusion Policy. In the case of an inline deployment this is not desired, thus tuning is required every time. Why does this happen? Is there any way to avoid it?
In other words, it would be much 'safer' if the added rules were in 'Generate Events' mode only.
The basic idea here is that the rule update changes the default policies, be it balance security and connectivity, or connectivity and security, and so on.
Cisco releases rule updates with revisions of the most common signatures, which should always be in drop and generate, and some in generate events, while also some rules are without any action, depending upon the base policy.
If you are using balance security and connectivity, that would be the most safe (and recommended) base policy. To answer your question: no, rule update installation does apply on base policy, which affects custom policy as well.