Dynamic Attributes Rule Conditions
Dynamic attributes include the following:
-
Dynamic objects (such as from the Cisco Secure Dynamic Attributes Connector)
The dynamic attributes connector enables you to collect data (such as networks and IP addresses) from cloud providers and send it to the Firepower Management Center so it can be used in access control rules. .
For more information about the dynamic attributes connector, see the information later in this guide.
-
SGT objects
-
Location IP objects
-
Device type objects
-
Endpoint profile objects
Dynamic attributes can be used as source criteria and destination criteria in access control rules. Use the following guidelines:
-
Objects of different types are ANDd together
-
Objects of a similar type are ORd together
For example, if you choose source destination criteria SGT 1, SGT 2, and device type 1; the rule is matched if device type 1 is detected on either SGT 1 or SGT 2.