Ensure non-default application inspection is configured correctly

Information

Enables inspection of an application that is not included in the default global policy for application inspection.

Rationale:

By default, the Firepower configuration includes a policy (the global policy) that matches all default application inspection traffic and applies certain inspections to that traffic on all interfaces. Not all inspections are enabled by default. The default policy can be edited to enable inspection for a specific application that it does not include by default.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Custom Detectors can be created through the Firepower Management Center:

Step 1 - Select Policies > Application Detectors
Step 2 - Select Create Custom Detector

See Also

https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/fpmc-config-guide-v623.html

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-7(12)

Plugin: Cisco

Control ID: 4de8a6c075cf63f581fa91ff7e21dd05beea70424b6c1b095699ea87726ce0fa