Cisco FirePOWER Appliance 7115

Version 5.3
Sourcefire 3D System User Guide
Using the Sourcefire 3D System as a Compliance Tool
Working with White List Events
Chapter 37
3. Optionally, if you want to save the search, enter a name for the search in the Name field.
   If you do not enter a name, one is created automatically when you save the search.
4. Enter your search criteria in the appropriate fields, as described in the  on page 1647, and keeping in mind the following additional points:
   - All fields accept negation (!).
   - All fields accept comma-separated lists. If you enter multiple criteria, the search returns only the records that match all the criteria.
   - Many fields accept one or more asterisks (*) as wild cards.
   - Specify n/a in any field to identify events where information is not available for that field; use !n/a to identify the events where that field is populated.
   - Click the add object icon ( ) that appears next to a search field to use an object as a search criterion.
   For more information on search syntax, including using objects in searches, see
5. If you want to save the search so that other users can access it, clear the Save As Private check box. Otherwise, leave the check box selected to save the search as private.
   If you want to use the search as a data restriction for a custom user role, you must save it as a private search.
6. You have the following options:
   - Click Search to start the search.
     Your search results appear in the default white list events workflow, constrained by the current time range. To use a different workflow, including a custom workflow, click (switch workflow) by the workflow title. For information on specifying a different default workflow, see
   - Click Save if you are modifying an existing search and want to save your changes.
   - Click Save as New Search to save the search criteria. The search is saved (and associated with your user account if you selected Save As Private), so that you can run it at a later time.