Cisco Cisco FirePOWER Appliance 7115
Version 5.3
Sourcefire 3D System User Guide
Searching for Events
Chapter 43
Using Wildcards and Symbols in Searches
LICENSE: Any
Many text fields on search pages allow you to use an asterisk (*) to match
characters in a string. For example, specifying net* matches network, netware,
netscape, and so on.
If you want to search for non-alphanumeric characters (including the asterisk
character), enclose the search string in quotation marks. For example, to search
for the string:
Find an asterisk (*)
enter:
“Find an asterisk (*)”
Note that in text fields that allow a wildcard, you must use the wildcard if you
want to match a partial string. For example, if you are searching the audit log for
all audit records that involve page views (that is, the message is Page View),
searching for Page returns no results. Instead, specify Page*.
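The following is an added example, not code from the guide or from the product: a small Python model of the matching rules this section states, run over constructed sample field values. It assumes that an unquoted term must match the whole field, that * matches zero or more characters, that a quoted term is compared literally against the whole field, and that matching is case-sensitive; the function names and sample values are hypothetical.

```python
import re

# Constructed sample field values (not taken from a real audit log).
SAMPLE = [
    "Page View",
    "Login",
    "network",
    "netware",
    "netscape",
    "internet",
    "Find an asterisk (*)",
    "Find an asterisk (x)",
]

# Opening quote -> closing quote; the guide prints typographic quotes.
QUOTES = {'"': '"', "\u201c": "\u201d"}


def term_to_regex(term):
    """Model a search term as a regex that must match the whole field."""
    if len(term) >= 2 and QUOTES.get(term[0]) == term[-1]:
        # Quoted term: every character, including *, is literal.
        return re.compile(re.escape(term[1:-1]))
    # Unquoted term: * is the wildcard, everything else is literal
    # (assumption: * may match zero characters).
    return re.compile(".*".join(re.escape(p) for p in term.split("*")))


def search(term, values):
    """Return the values the modelled search would report for term."""
    rx = term_to_regex(term)
    return [v for v in values if rx.fullmatch(v)]


if __name__ == "__main__":
    for term in ["Page", "Page*", "net*", '"Find an asterisk (*)"']:
        print(f"{term!r:28} -> {search(term, SAMPLE)}")
```

The first term shows the pitfall described above: without the wildcard, a search for Page silently returns nothing even though Page View records exist.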
Using Objects and Application Filters in Searches
LICENSE: Any
The Sourcefire 3D System allows you to create named objects, object groups,
and application filters that can be used as part of your network configuration. You
can use these objects, groups, and filters as search criteria when performing or
saving searches.
When you perform a search, objects, object groups, and application filters appear
in the format ${object_name}. For example, a network object with the object
name ten_ten_network appears as ${ten_ten_network} in a search.
You can click the add object icon that appears next to a search field where
you can use an object as a search criterion.
Specifying Time Constraints in Searches
LICENSE: Any
You can use a number of formats for specifying time search constraints. You can
enter a time you want to match, and, optionally, a less than (<) or greater than (>)
operator to match times before or after the time you enter.