Adaptive Profile Options

Enable

Enabling this option is required for:

  • access control rules to perform application and file control, including malware protection (AMP)

  • intrusion rules to use service metadata

This option is enabled by default.

Note

To enable Adaptive Profiles in Snort 3, both Enable and Enable Profile Updates options must be selected.

Enable Profile Updates

In passive deployments, enable profile updates to defragment and reassemble IP traffic according to a profile of the operating system used by the hosts in your network map

For Snort 3, this must be enabled if Adaptive Profiles is enabled.

Adaptive Profiles - Attribute Update Interval

When profile updates are enabled, you can control how frequently in minutes network map data is synced from the management center to its managed devices. The system uses the data to determine what profiles should be used when processing traffic. Increasing the value for this option can improve performance in a large network.

Adaptive Profiles - Networks

Optionally, when profile updates are enabled, you can improve performance by constraining profile updates to a comma-separated list of IP addresses, address blocks, and network variables. If you use a network variable, the system uses the variable's value in the variable set linked to the default intrusion policy for your access control policy. For example, you could enter: 192.168.1.101, 192.168.4.0/24, $HOME_NET. IPv4 and IPv6 are supported.

The default value (0.0.0.0/0) applies adaptive profile updates to all networks.