Cisco Cisco FirePOWER Appliance 7115
Version 5.3
Sourcefire 3D System User Guide
1648
Using the Sourcefire 3D System as a Compliance Tool
Working with White List Events
Chapter 37
To search for compliance white list events:
A
CCESS
: Admin/Any Security Analyst
1. Select Analysis > Search.
The Search page appears.
2. From the Table drop-down list, select White List Events.
The page reloads with the appropriate constraints.
User
Specify the identity of the user logged in to a host that has
become non-compliant with a white list.
Port
Specify the port, if any, associated with the discovery event
that triggered an application protocol white list violation (a
violation that occurred as a result of a non-compliant
application protocol).
Host Criticality
Specify the host criticality of the source host involved in the
white list event:
None
,
Low
,
Medium
, or
High
. For more
information on host criticality, see
Device
Type the name of the device or device group that detected
the white list violation.
Compliance White List Event Search Criteria (Continued)
F
IELD
S
EARCH
C
RITERIA
R
ULES