Cisco Cisco FirePOWER Appliance 7115

Version 5.3

Sourcefire 3D System User Guide

1648

Using the Sourcefire 3D System as a Compliance Tool

Working with White List Events

Chapter 37

To search for compliance white list events:

: Admin/Any Security Analyst 

1. Select Analysis > Search.

The Search page appears.

2. From the Table drop-down list, select White List Events.

The page reloads with the appropriate constraints.

User

Specify the identity of the user logged in to a host that has 

become non-compliant with a white list.

Port

Specify the port, if any, associated with the discovery event 

that triggered an application protocol white list violation (a 

violation that occurred as a result of a non-compliant 

application protocol).

Host Criticality

Specify the host criticality of the source host involved in the 

white list event: 

None

, 

Low

, 

Medium

, or 

High

. For more 

information on host criticality, see 

 on page 1433.

Device

Type the name of the device or device group that detected 

the white list violation.

Compliance White List Event Search Criteria (Continued)