Cisco Firepower Management Center 2000

FireSIGHT System User Guide

Chapter 4: Using the Context Explorer

The FireSIGHT System Context Explorer displays detailed, interactive graphical information in context
about the status of your monitored network, including data on applications, application statistics, 
connections, geolocation, indications of compromise, intrusion events, hosts, servers, Security 
Intelligence, users, files (including malware files), and relevant URLs. Distinct sections present this data 
in the form of vivid line, bar, pie, and donut graphs, accompanied by detailed lists.

You can easily create and apply custom filters to fine-tune your analysis, and you can examine data
sections in more detail by simply clicking or hovering your cursor over graph areas. You can also 
configure the explorer’s time range to reflect a period as short as the last hour or as long as the last year.

Only users with the Administrator, Security Analyst, or Security Analyst (Read Only) user roles have
access to the Context Explorer.

The FireSIGHT System dashboard is highly customizable and compartmentalized and updates in real
time. In contrast, the Context Explorer is manually updated, designed to provide broader context for its 
data, and has a single, consistent layout designed for active user exploration.

You use the dashboard to monitor real-time activity on your network and appliances according to your
own specific needs. Conversely, you use the Context Explorer to investigate a predefined set of recent 
FireSIGHT data in granular detail and clear context. For example, if you notice that only 15% of hosts
on your network use Linux but those hosts account for almost all YouTube traffic, you can quickly apply filters to
view data only for Linux hosts, only for YouTube-associated application data, or both. Unlike the 
compact, narrowly focused dashboard widgets, the Context Explorer sections are designed to provide 
striking visual representations of system activity in a format useful to both expert and casual users of the 
FireSIGHT System.

Note that the data displayed depends on such factors as how you license and deploy your managed
devices, whether you configure features that provide the data and, in the case of Series 2 appliances, 
whether the appliance supports a feature that provides the data. For example, neither the DC500 Defense 
Center nor Series 2 devices support advanced malware detection, so the DC500 Defense Center cannot 
display this data and Series 2 devices do not detect it.

The following table summarizes some of the key differences between the dashboard and the Context
Explorer.