Cisco Cisco Firepower Management Center 4000

47-8

FireSIGHT System User Guide

Chapter 47 Understanding and Using Workflows

Components of a Workflow

Predefined Security Intelligence Workflows

License:

Protection

Supported Devices:

Series 3, Virtual, X-Series, ASA FirePOWER

Supported Defense Centers:

Any except DC500

The following table describes the predefined Security Intelligence workflows included on the Defense
Center. All the predefined Security Intelligence workflows use the table view of Security Intelligence
events. For more information on accessing Security Intelligence event data, see

Viewing Connection and

Security Intelligence Data, page 16-13

Predefined Host Workflows

License:

FireSIGHT

The following table describes the predefined workflows that you can use with host data.

Unique Initiators by
Responder

This workflow contains a graph of the 10 most active responding host IP addresses on the
monitored network segment, based on the number of unique initiators that contacted each
address.

Unique Responders by
Initiator

This workflow contains a graph of the 10 most active initiating host IP addresses on the
monitored network segment, based on the number of unique responders that the addresses
contacted.

Table 47-5

Predefined Connection Data Workflows (continued)

Workflow Name

Description

Table 47-6

Predefined Security Intelligence Workflows

Workflow Name

Description

Security Intelligence
Events

This workflow provides a summary view of basic Security Intelligence and detected application
information, which you can then use to drill down to the table view of events.

Security Intelligence
Summary

This workflow is identical to the Security Intelligence Events workflow, but begins with the
Security Intelligence Summary page, which lists security intelligence events by category and
count only.