Firepower Custom Rule Creation

routercpu
Level 1

I want to create a custom rule within the Firepower Management Center that triggers when there are multiple failed RDP login attempts. I am using an existing rule as a template and I have created the rule in the attached screenshot. I am basing the rule on 10 failed login attempts in 60 seconds and the TCP RST flag. So, I believe I have the detection_filter option correct. But I have a question about the metadata option, which is from the existing rule I am using as a template. What does "policy max-detect-ips drop" mean? Is there any documentation about this option, what can be used, and what it means? Are there any other options I need to add for this rule?
