Cisco Cisco FirePOWER Appliance 7020
56-2
FireSIGHT System User Guide
Chapter 56 Auditing the System
Managing Audit Records
Viewing Audit Records
License:
Any
You can use the appliance to view a table of audit records. Then, you can manipulate the view depending
on the information you are looking for. The predefined audit workflow includes a single table view of
events. You can also create a custom workflow that displays only the information that matches your
specific needs. For information on creating a custom workflow, see
on the information you are looking for. The predefined audit workflow includes a single table view of
events. You can also create a custom workflow that displays only the information that matches your
specific needs. For information on creating a custom workflow, see
The following table describes some of the specific actions you can perform on an audit log workflow
page.
page.
Table 56-1
Audit Log Actions
To...
You can...
learn more about the contents of the
columns in the table
columns in the table
find more information in
.
modify the time range used when
viewing audit records
viewing audit records
find more information at
Note that events that were generated outside the appliance's configured time window
(whether global or event-specific) may appear in an event view if you constrain the
event view by time. This may occur even if you configured a sliding time window for
the appliance.
(whether global or event-specific) may appear in an event view if you constrain the
event view by time. This may occur even if you configured a sliding time window for
the appliance.
sort and constrain events on the
current workflow page
current workflow page
find more information in
navigate within the current workflow
page
page
find more information in
navigate between pages in the current
workflow, keeping the current
constraints
workflow, keeping the current
constraints
click the appropriate page link at the top left of the workflow page. For more
information, see
information, see
drill down to the next page in the
workflow
workflow
use one of the following methods:
•
To drill down to the next workflow page constraining on a specific value, click a
value within a row. Note that this only works on drill-down pages. Clicking a
value within a row in a table view constrains the table view and does not drill
down to the next page.
value within a row. Note that this only works on drill-down pages. Clicking a
value within a row in a table view constrains the table view and does not drill
down to the next page.
•
To drill down to the next workflow page constraining on some events, select the
check boxes next to the events you want to view on the next workflow page, then
click
check boxes next to the events you want to view on the next workflow page, then
click
View
.
•
To drill down to the next workflow page keeping the current constraints, click
View All
.
Tip
Table views always include “Table View” in the page name.
For more information, see
.