cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
810
Views
0
Helpful
3
Replies

Firepower intrusion rule

chinguun bayar
Level 1
Level 1

Hi there. 

i really confused with my intrusion policy block below signature.

I dont know what is 1 instances of http - drop

3 Replies 3

ankojha
Level 3
Level 3

Hi,

If you click on this 1 instance of http , you will be able to see the rule action which is changed to drop.

Rate if it helps.

Thanks,

Ankita

Ed Padilla Jr
Level 1
Level 1

Keep in mind, your My Layers overrides the other rules states from.  Once you check the rule, you have three options: Alert/Generate events, Drop, or Disable.   If you see two red arrows, the one on the left is set to DROP, and the red arrow on the right is Firesight RECOMMENDED rules to activate.  

Happy tuning

Jetsy Mathew
Cisco Employee
Cisco Employee

Hello Chinguun,

Adding to what the other experts said , here is the quick reference link which may help you further in understanding more about intrusion rules.

http://www.cisco.com/c/en/us/td/docs/security/firesight/541/user-guide/FireSIGHT-System-UserGuide-v5401/Intrusion-Rule-Writing.html

Whenever you need to understand more about any option in Firesight GUI, Please click on Online help option on the right top handside of the Web interface.

Rate if that helps you

Regards

Jetsy 

Review Cisco Networking for a $25 gift card