Set Intrusion Policy Preferences

Configure the intrusion policy preferences.

Procedure


Step 1

Choose Administration > Configuration.

Step 2

Click Intrusion Policy Preferences.

Step 3

You have the following options:

  • Comments on policy change: Check this check box to track policy-related changes using the comment functionality when users modify intrusion policies. With policy change comments enabled, administrators can quickly assess why critical policies in a deployment were modified.

    If you enable comments on policy changes, you can make the comment optional or mandatory. The Cloud-Delivered Firewall Management Center prompts the user for a comment when each new change to a policy is saved.

  • Write changes in Intrusion Policy to audit log: Check this check box to record changes to the intrusion policies in the audit logs. This option is enabled by default.

  • Retain user overrides for deleted Snort 3 rules: Check this check box to get notifications for changes to any overridden system-defined rules during LSP updates. When enabled, the system retains the rule overrides in the new replacement rules that are added as part of the LSP update. On the Cloud-Delivered Firewall Management Center menu bar, click Notifications (message center), and then click Tasks to view the notifications. This option is enabled by default.

  • Talos Threat Hunting Telemetry: Check this check box to allow Cisco Talos to conduct threat hunting and to gather critical security intelligence. When enabled, a special set of threat-hunting rules is added to the global intrusion policy. Although the threat-hunting rules are processed like regular IPS rules, the events that the Talos threat-hunting rules generate do not appear in the Cloud-Delivered Firewall Management Center's event tables. Instead, the events are sent to Talos as telemetry for analysis. This option is enabled by default.

    Note
    • If you send firewall events to the Cisco Security Cloud via a direct connection by registering your Cloud-Delivered Firewall Management Center to the cloud tenancy using your Security Cloud Control account, your Security Cloud Control account must have a Security Analytics and Logging license in order to forward threat-hunting rule events to Talos.