This guide recomends creating an Audit Only, Protect, Triage, Server and Domain Controller policy and the same for groups. It also recomends all the workstations to initially belong to the "Audit Only" group (with the Audit Only policy) and then move them to the Protect group (with Protect policy) after making sure you root out any false positive.
At this point, I downloaded the connector from the "Audit Only Group" with the "Audit Only" policy and installed it in my VM.
Now, I went ahead and moved the computer from the "Audit Only Group" to the "Protect Group" but the Protect Policy is not reflected in the console nor in the connector.
- How do I properly move this Computer from the "Audit Only" to the "Protect" policy?
Doing a "Sync Policy" at the connector only updates any changes done to the "Audit Only" policy.
Rebooting the machine and/or restarting the services don't update the policy.
If you make any kind of changes in the policy including changing the connectors from one group to another , it will take effect only after the heartbeat interval . You can set the heartbeat interval starting from 15 minutes.
This document describes how to generate an FXOS troubleshoot file for 2100/4100/9300-series devices
The information in this document is based on these software and hardware versions:
Cisco Firepower 9300 Security Appliance r...
FP URL filtering capability can classify the URLs based on:
Reputation (risk level)
This varies from High Risk (level 1) to Well Known (level 5)
Category + Reputation
If you select a reputation level to allow,...
Cisco Press has published a step-by-step visual guide to configuring and troubleshooting of the Cisco Firepower Threat Defense (FTD). Each consistently organized chapter on this book contains definitions of keywords, operational flowcharts, architectural ...