Cisco Firepower Management Center 4000

FireSIGHT System User Guide
 
Chapter 18: Working with Intrusion Events
Viewing Intrusion Events
This column displays the first fifty characters of the extracted URI. You can hover your pointer over the displayed portion of an abbreviated URI to display the complete URI, up to 2048 bytes. You can also display the complete URI, up to 2048 bytes, in the packet view. See for more information.
This field is disabled by default.
Email Sender
The address of the email sender that was extracted from the SMTP MAIL FROM command. To display a value for this field, you must enable the SMTP preprocessor Log From Address option. Multiple sender addresses are supported. See for more information.
This field is disabled by default.
Email Recipient
The address of the email recipient that was extracted from the SMTP RCPT TO command. To display a value for this field, you must enable the SMTP preprocessor Log To Addresses option. Multiple recipient addresses are supported. See more information.
This field is disabled by default.
Email Attachments
The MIME attachment file name that was extracted from the MIME Content-Disposition header. To display attachment file names, you must enable the SMTP preprocessor Log MIME Attachment Names option. Multiple attachment file names are supported. See for more information.
This field is disabled by default.
Reviewed By
The name of the user who reviewed the event. See 
Count
The number of events that match the information that appears in each row. Note that the Count field appears only after you apply a constraint that creates two or more identical rows.
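
The Email Sender, Email Recipient and Email Attachments fields described above come from different layers of an SMTP transaction: the sender and recipients from the envelope commands, the attachment names from MIME headers inside the message. The following Python code is an added example, not code from this guide or from the SMTP preprocessor; it parses a constructed session to show which value an analyst should expect in each field. The function names, the header_from comparison value and all sample addresses are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed client-side SMTP transaction (sample data, not from the guide).
SAMPLE_SESSION = "\r\n".join([
    "EHLO mail.example.net",
    "MAIL FROM:<bounce@example.net> SIZE=812",
    "RCPT TO:<alice@example.com>",
    "RCPT TO:<bob@example.com>",
    "DATA",
    'From: "IT Helpdesk" <helpdesk@example.com>',
    "To: alice@example.com", "Subject: Invoice", "MIME-Version: 1.0",
    'Content-Type: multipart/mixed; boundary="b1"',
    "", "--b1", "Content-Type: text/plain", "", "See attached.",
    "--b1", "Content-Type: application/zip",
    'Content-Disposition: attachment; filename="invoice.zip"',
    "", "placeholder-bytes", "--b1--", ".", "QUIT", "",
])

def extract_email_fields(session):
    """Return the values the three email event fields are drawn from."""
    # Envelope commands precede DATA; the message ends at the lone "." line.
    envelope, _, rest = session.partition("\r\nDATA\r\n")
    msg = message_from_string(rest.partition("\r\n.\r\n")[0])
    # Only the filename parameter of Content-Disposition counts here.
    names = [part.get_param("filename", header="content-disposition")
             for part in msg.walk()]
    flags = re.I | re.M
    return {
        "email_sender": re.findall(r"^MAIL FROM:\s*<([^>]*)>", envelope, flags),
        "email_recipient": re.findall(r"^RCPT TO:\s*<([^>]*)>", envelope, flags),
        "email_attachments": [n for n in names if isinstance(n, str)],
        # Not an event field: the header From, kept only for comparison.
        "header_from": parseaddr(msg.get("From", ""))[1],
    }

def sender_mismatch(fields):
    """True when the header From address is not among the envelope senders."""
    envelope_senders = [s.lower() for s in fields["email_sender"]]
    return fields["header_from"].lower() not in envelope_senders

if __name__ == "__main__":
    result = extract_email_fields(SAMPLE_SESSION)
    print(result, "mismatch:", sender_mismatch(result))
```

On this constructed input the envelope sender is bounce@example.net while the header From is helpdesk@example.com, so a search constrained on Email Sender matches the former, not the address a mail client would display.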
Viewing Connection Data Associated with Intrusion Events
License: Protection
When you associate an intrusion policy with an access control rule or the default action of an access control policy, the system can log the connections where intrusion events are detected. Although this logging is automatic for access control rules, you must manually enable connection logging to see associated connection data for the default action; see .
To view connection data associated with one or more intrusion events:
Access: Admin
Step 1 Select Analysis > Intrusions > Events.