Cisco FirePOWER Appliance 7115
Version 5.3
Sourcefire 3D System User Guide
Chapter 37: Using the Sourcefire 3D System as a Compliance Tool
Working with White List Violations
LICENSE: FireSIGHT
The system keeps track of the ways in which hosts on your network violate the
compliance white lists in active correlation policies. You can search and view
these records.
For more information, see the following sections:
Viewing White List Violations
LICENSE: FireSIGHT
You can use the Defense Center to view a table of white list violations. Then, you
can manipulate the event view depending on the information you are looking for.
The page you see when you access white list violations differs depending on the
workflow you use. There are two predefined workflows:
• The Host Violation Count workflow provides a series of pages that list all the
  hosts that violate at least one white list. The first page sorts the hosts
  based on the number of violations per host, with the hosts with the
  greatest number of violations at the top of the list. If a host violates more
  than one white list, there is a separate row for each violated white list. The
  workflow also contains a table view of white list violations that lists all
  violations with the most recently detected violation at the top of the list.
  Each row in the table contains a single detected violation.
• The White List Violations workflow includes a table view of white list
  violations that lists all violations with the most recently detected violation at
  the top of the list. Each row in the table contains a single detected violation.
Both predefined workflows terminate in a host view, which contains a host profile
for every host that meets your constraints. You can also create a custom
workflow that displays only the information that matches your specific needs. For
more information, see