Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Attack Relevancy Rating

What is the internal value of the Attack Relevancy Rating for the system with relevance=not-relevant. I do not see any difference for the system with relevance=unknown. In the attachment you will find the example of an attack? It is OK or not?

Looking forward ho hearing from you

2 REPLIES
Cisco Employee

Re: Attack Relevancy Rating

value for ARR is adjusted as below :

- Unknown relevance : no change

- Relevant : +10

- Not-Relevant : -10 for promiscuous mode and no change for inline mode.

From the above adjustments sensor is behaving as it is supposed to be in your case. Since the risk ratings are same for system with not-relevant and unknown OS, looks like your sensor is in inline mode.

Community Member

Re: Attack Relevancy Rating

Hi

Thank you very much for your information

Best regards

Kazimierz

188
Views
0
Helpful
2
Replies
CreatePlease to create content