Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2243
Views
5
Helpful
1
Replies

Cisco FirePower Recommendation Rules at IPS

subrun.jamil
Level 1
Level 1

‎06-19-2019 01:10 PM

Once an IPS Policy is created with FirePower Recommendations  , next day if there are any updates from Cisco for "FirePower Recommendations" does not it get applied to the Policy automatically ? or we need to update the "FirePower Recommendations" with  "Update Recommendations" option from the already created IPS Policy ?

 

Also what it does for " Recurring Rule Update Imports " at FMC >> System >> Updates Section ? Is it equivalent to .vrt  file  ?

Labels:
0 Helpful
1 Reply 1

Marvin Rhoads
Hall of Fame
Hall of Fame

‎06-24-2019 07:38 AM - edited ‎06-24-2019 07:59 AM

Once you have Generated (and Use) Firepower Recommendations in your Intrusion Policy, the system does not change them unless and until you choose to "Update Recommendations" manually or create a scheduled task to do so for you (and deploy policy afterwards). You would do the latter via System > Tools > Scheduling. Create a new task and choose job type "Firepower Recommended Rules".

The "Recurring Rule Updates" are indeed the vrt (Vulnerability Research Team) files which comprise the Snort Rule Updates (SRU).

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card