Skip to main content



Cisco Defense Orchestrator

Intrusion Prevention System

The Cisco Talos Intelligence Group (Talos) detects and correlates threats in real time and maintains a reputation disposition on billions of files. The Cisco IOS Intrusion Prevention System (IPS) is an inline, deep-packet inspection feature that mitigates attacks on your network by using the threat intelligence data from Talos to accurately identify, classify, and drop malicious traffic in real time.

Cisco Defense Orchestrator (CDO) provides the ability to activate and tune the IPS feature on Firepower Threat Defense (FTD) devices that run software versions 6.4.x.x through 6.6.0.x and 6.6.1.x. CDO currently does not support IPS rule tuning on FTD 6.7.

On the CDO menu bar, navigate Policies > Signature Overrides to perform these tasks: 

  • Resolve inconsistencies in overrides across multiple devices.
  • View and hide threat events.
  • Override how a threat event is handled by changing the rule action.
  • Was this article helpful?