Cisco Cisco Firepower Management Center 2000
41-19
FireSIGHT System User Guide
Chapter 41 Configuring Remediations
Working with Remediation Status Events
Tip
If you are using a custom workflow that does not include the table view of remediations, click
(switch
workflow)
menu by the workflow title, then select
Remediation Status
.
Working with Remediation Status Events
License:
FireSIGHT
You can change the layout of the event view or constrain the events in the view by a field value.
When you disable a column, it is disabled for the duration of your session (unless you add it back later).
Note that when you disable the first column, the Count column is added.
Note that when you disable the first column, the Count column is added.
Clicking a value within a row in a table view constrains the table view and does not drill down to the
next page.
next page.
Tip
Table views always include “Table View” in the page name.
For more information, see the following topics:
•
.
•
.
•
•
Understanding the Remediation Status Table
License:
FireSIGHT
You can configure the Defense Center to launch a variety of responses to policy violations and to
discovery events. These responses include remediations, such as blocking a host at the firewall or router
when it violates a policy. When a remediation triggers, a remediation status event is generated and
logged to the database. For more information on remediations, see
discovery events. These responses include remediations, such as blocking a host at the firewall or router
when it violates a policy. When a remediation triggers, a remediation status event is generated and
logged to the database. For more information on remediations, see
.
The fields in the remediation status table are described in the following table.
Table 41-2
Remediation Status Fields
Field
Description
Policy
The name of the correlation policy that was violated and triggered the
remediation.
remediation.
Remediation Name
The name of the remediation that was launched.