Deploying a File Policy – Cisco Malware and File Policy

Deploying a File Policy

To apply a file policy to a threat defense, you need to create an access control rule and invoke the file policy within it. The detailed steps follow:

Step 1. Navigate to Policies > Access Control > Access Control. The available access control policies appear. You can modify one of the existing policies or click New Policy to create a new one.

Step 2. On the policy editor page, you can edit an existing rule or create a new rule by clicking the Add Rule button.

Step 3. In the rule editor window, go to the Inspection tab. It contains drop-downs for Intrusion Policy, Variable Set, and File Policy, as Figure 16-16 shows. The file policy you configured earlier should be listed under the File Policy drop-down.

Figure 16-16 Selecting a File Policy for an Access Control Rule

Step 4. Choose a policy from the File Policy drop-down. Doing so automatically enables logging for file events. You can verify this by viewing the settings on the Logging tab (see Figure 16-17). Additionally, to view the connection event that is associated with a file transfer, you can manually enable Log at End of Connection.

Figure 16-17 Options to Enable Logging for File Events and Connection Events

Step 5. Click the Add button to save the changes. You return to the access control policy editor page. If you are editing an existing access control rule, you can click the Save button instead.

Step 6. On the access control policy editor page, select a default action. Note that you cannot select a file policy as the default action of an access control policy (see Figure 16-18). You can invoke a file policy only within an individual access control rule.

Figure 16-18 Independent File Policy Is Not an Option for Default Action

Step 7. Finally, click Save to save the changes, and go to Deploy > Deployment to deploy the configuration to your threat defense.
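
A check for the outcome of Steps 4 and 6, as an added example that is not from the original page or from Cisco: it audits an exported access control policy for enabled Allow rules with no file policy, rules whose file or end-of-connection logging is off, and a default action that does not block. The JSON field names (`filePolicy`, `logFiles`, `logEnd`, `defaultAction`) and the sample policy are assumptions constructed for illustration; match them to the export your management center actually produces.

```python
# Added example: audit an access control policy export for file-inspection gaps.
# The JSON shape (action, filePolicy, logFiles, logEnd, defaultAction) is an
# assumption made for this sketch; the sample policy below is constructed.
import json

SAMPLE_POLICY = json.loads("""
{
  "name": "Constructed-ACP",
  "defaultAction": {"action": "BLOCK"},
  "rules": [
    {"name": "Web-Out", "enabled": true, "action": "ALLOW",
     "filePolicy": {"name": "Block-Malware"}, "logFiles": true, "logEnd": true},
    {"name": "Mail-Out", "enabled": true, "action": "ALLOW",
     "filePolicy": {"name": "Block-Malware"}, "logFiles": true, "logEnd": false},
    {"name": "Partner-FTP", "enabled": true, "action": "ALLOW"},
    {"name": "Old-Rule", "enabled": false, "action": "ALLOW"}
  ]
}
""")


def audit_policy(policy):
    """Return (rule_name, finding) tuples for file-inspection gaps."""
    findings = []
    for rule in policy.get("rules", []):
        if not rule.get("enabled", True):
            continue  # disabled rules never match traffic
        name = rule["name"]
        if rule.get("filePolicy") is None:
            # Step 4: a file policy only applies where a rule invokes it.
            if rule.get("action") == "ALLOW":
                findings.append((name, "no-file-policy"))
            continue
        if not rule.get("logFiles", False):
            # File logging is enabled automatically but can be switched off later.
            findings.append((name, "file-logging-off"))
        if not rule.get("logEnd", False):
            # Without this, no connection event accompanies the file event.
            findings.append((name, "no-connection-log"))
    # Step 6: the default action cannot carry a file policy, so anything it
    # lets through is never file-inspected.
    if policy.get("defaultAction", {}).get("action") != "BLOCK":
        findings.append(("<default action>", "uninspected-default"))
    return findings


if __name__ == "__main__":
    for rule_name, finding in audit_policy(SAMPLE_POLICY):
        print(f"{rule_name}: {finding}")
```
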
