:

Cisco Security Analytics and Logging (SaaS) licenses come with a default data retention period of 90

days. This retention period allows organizations to store and analyze their security event data for up

to 90 days, providing sufficient time for security monitoring and forensic investigations.

Reference: Cisco Security Analytics and Logging Documentation, Chapter on License Information and

Data Retention    .

Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/integrations/CTR/

Firepower_and_Cisco_Threat_Response_Integration_Guide.pdf

To configure IPS mode on a Cisco Secure Firewall Threat Defense (FTD) device to inspect traffic and

act as an IDS, the network engineer must configure an intrusion policy on the FTD device. The

passive-interface and SPAN on the switch have already been configured, which means the traffic is

being mirrored to the FTD. The next step is to set up an intrusion policy that defines the rules and

actions for detecting and responding to malicious traffic.

Steps:

In FMC, navigate to Policies > Intrusion.

Create a new intrusion policy or edit an existing one.

Define the rules and actions for detecting threats.

Apply the intrusion policy to the relevant interfaces or access control policies.

This configuration enables the FTD to inspect the mirrored traffic and take appropriate actions based

on the defined intrusion policy.

Reference: Cisco Secure Firewall Management Center Administrator Guide, Chapter on Intrusion

Policies    .

:

:

Reference:

https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-configguide-v60/Network_Discovery_Policies.html

:

: