You can use geolocation criteria to specify source IP addresses by country and continent, as well as destination IP addresses by country and continent.

You can use geolocation criteria to specify destination IP addresses by country but not source IP addresses.

You can use geolocation criteria to specify source and destination IP addresses by country but not by continent.

You can use geolocation criteria to specify source and destination IP addresses by continent but not by country.

Administrator

Intrusion Administrator

Security Analyst

Security Analyst (Read-Only)

The protocol is restricted to TCP only.

The protocol is restricted to UDP only.

The protocol is restricted to TCP or UDP.

The protocol is restricted to TCP and UDP.

Microsoft Active Directory

Yahoo

Oracle

SMTP

Nothing happens, because you cannot assign a group of rules to a correlation policy.

The network traffic is blocked.

The Defense Center generates a correlation event and initiates any configured responses.

An event is logged to the Correlation Policy Management table.

logging to database, SMS, SMTP, and SNMP

logging to database, SMTP, SNMP, and PCAP

logging to database, SNMP, syslog, and email

logging to database, PCAP, SMS, and SNMP

The global blacklist universally allows all traffic through the managed device.

The global whitelist cannot be edited.

IP addresses can be added to the global blacklist by clicking on interactive graphs in Context Explorer.

The Security Intelligence lists cannot be updated.

System Default Variables and FireSIGHT-Specific Variables

System Default Variables and Procedural Variables

Default Variables and Custom Variables

Policy-Specific Variables and Procedural Variables