How to find a hidden graph that shows your Cisco Firepower IPS “Would have Dropped” events

This Tidbit of the Day will provide cool features of Cisco Firepower/FTD in just a couple minutes!

In this Tidbit of the Day (TOD), I will show you how to find a hidden feature in the Dashboard>Overview in order to se your IPS “Would have Dropped” events

2 Comments

  1. What are your thoughts for someone that maybe using balanced security for IPS in Production? How do can you safely test a more secure level above? My understanding from this is you would have to uncheck the option drop when inline for a while?

    1. Yes, its pretty simple. Just change your base policy to SoC and uncheck the Drop while inline. Spend a couple days or so adjusting the rules that show they would have dropped making sure they weren’t false positive, and then check the drop while in line box, save and redeploy.

Leave a Reply

Your email address will not be published. Required fields are marked *