Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1322
Views
0
Helpful
0
Replies

Firepower Custom Rule Creation

routercpu
Level 1
Level 1

‎03-02-2018 10:30 AM - edited ‎02-21-2020 07:27 AM

I want to create a custom rule within the Firepower Management Center that triggers when there are multiple failed RDP login attempts.  I am using an existing rule as a template and I have created the rule in the attached screenshot.  I am basing the rule on 10 failed login attempts in 60 seconds and the TCP Rst flag.  So, I believe I have the detection_filter option correct.  But, I have a question about the metadata option which is from the existing rule I am using as a template.  What does "policy max-detect-ips drop" mean?  Is there any documentation about this option and what can be used and what it means?  Are there any other options I need to add for this rule?

Labels:
Preview file
69 KB
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card