Skip to main content



Cisco Defense Orchestrator

Intrusion Prevention System

The Cisco Talos Intelligence Group (Talos) detects and correlates threats in real time and maintains a reputation disposition on billions of files. The Cisco IOS Intrusion Prevention System (IPS) is an inline, deep-packet inspection feature that mitigates attacks on your network by using the threat intelligence data from Talos to accurately identify, classify, and drop malicious traffic in real time.

Cisco Defense Orchestrator (CDO) provides the ability to activate and tune the IPS feature on your Firepower Threat Defense (FTD) devices. CDO supports IPS rule tuning on all versions of FTD 6.4 and FTD 6.6.1. CDO does not support IPS rule tuning on any version of FTD 6.5, any version of FTD 6.6 other than 6.6.1, or any version of FTD 6.7.

On the CDO menu bar, navigate Policies > Signature Overrides to perform these tasks: 

  • Resolve inconsistencies in overrides across multiple devices.
  • View and hide threat events.
  • Override how a threat event is handled by changing the rule action.
  • Was this article helpful?