Correct me if I'm wrong, as I'm rather new to this CCA thing, but I
think all of the Cisco defined checks already have corresponding
Cisco defined rules. It's only new checks that you might want to
define a new rule for. Also, I don't know if this is a "best
practice" for CCA (or if there are any "best practices" for CCA at
all) but we typically define rules containing more than one check,
e.g. a service check and a file check. We have only a few one to one
check to rule relationships.
Michael Grinnell
Network Security Administrator
The American University
On Jul 8, 2005, at 9:13 AM, King, Michael wrote:
> Hmm..
>
> You mean the Checks... They're the only dialog boxes that have
> "Automatically create a rule" in them.
>
> Let's double check our terminology.
>
> When I say rules screen, this is what I mean
>
> http://www.mpking.com/file/rulesscreen.JPG
>
>
> So you would need to create a requirement. (Option to the right of the
> most left circle)
>
>
>
>
>> -----Original Message-----
>> From: Perfigo SecureSmart and CleanMachines Discussion List
>> [mailto:[log in to unmask]] On Behalf Of Libby Garner
>> Sent: Thursday, July 07, 2005 7:10 PM
>> To: [log in to unmask]
>> Subject: Re: Automatically create rule grayed out
>>
>> Michael,
>>
>> But I don't want to edit it, I just want to use it. Why do I
>> need to copy a rule to implement it when I don't want to edit
>> it? I want to use it exactly as Cisco delivered it.
>>
>> I wish there was a CCA for Dummies guide!
>>
>> Libby
>>
>> On Thu, 7 Jul 2005 16:33:19 -0400, King, Michael
>> <[log in to unmask]> wrote:
>>
>>
>>> Hi Libby,
>>>
>>> There are 4 terms used in CCA.
>>>
>>> Checks, Rules, Requirements, and Roles.
>>>
>>> Checks are used to form the Rules, and Rules are formed from
>>> Requirements. The Requirements are applied to individual roles.
>>>
>>> Multiple checks can form a rule, and multiple rules can form a
>>> Requirement.
>>>
>>> The Cisco Provided Checks are used by the Cisco Rules. Sometimes
>>> (Depending on how long you've had it installed) you might
>>>
>> have checks
>>
>>> with no rules.
>>>
>>> The Cisco provided rules and checks are none user editable,
>>>
>> but you can
>>
>>> copy them, and edit those.
>>>
>>>
>>>
>>
>
|