We are switching over a section of our environment from McAfee Network Security to Firepower. We have several different policies for different customers. McAfee uses a combination of NSP rules, CVEs, and other ways to identify and categorize intrusti...
Hi, Using an FMC. I turned on SNMP alerts for Intrusion Impact Alerts. Traps came through, but it's not showing all of the relevant OIDs that are possible given the Enterprise number. How can I enrich the SNMP traps coming from the FMC to show more o...
Hi everyone, We have an FMC set up that is managing a number of FTD devices. We currently have alerts set up to send emails when intrusion events occur. Emails are generated using the Impact Flag settings and when specific rules are fired (via the In...
I uploaded the ISO to an SCP-enabled server. When attempting to re-image the Firepower Device (8130), I put in the IP address, authorized user name for the SCP server, full path to the ISO image directory (/home/username), and password for the usernam...
Let's say that I have a few Sourcefire 3D Sensors (8130) and a Sourcefire Management Center that are on an OS that is before 5.4, one of them being on a version that's a bit older. What are the suggested upgrade paths for these devices? I know that I...
Hi Marius, Would the method of exporting the rule-set be along the lines of using the API and GET /policy/intrusion/{parentId}/intrusionrules? I'm pretty new to this, so apologies if I'm asking something with an obvious answer. Thank you.
Hi Marvin, Thanks for that, but that would be more for looking up rules one at a time. I'm looking for something that we could use to look up rules via CVE or McAfee ID by the hundreds/thousands.
Hi, Are there any guidance documents on how to search for CVEs or McAfee ID (since that is something that can be filtered for in the intrusion ruleset in the policy) and enabling/disabling them? That would be a huge help. We absolutely plan on using ...