Cisco Cisco Firepower Management Center 2000

Hover your pointer over any part of the graph to view more detailed information. Click any part of the 
graph to filter or drill down on that information.

Note that you must have a Malware license and enable malware detection for this graph to include 
network-based malware data. Note also that neither the DC500 Defense Center nor Series 2 devices 
support advanced malware detection, so the DC500 Defense Center cannot display this data and Series 2 
devices do not detect it. See 

This graph draws data primarily from the File Events and Malware Events tables.

FireSIGHT

Any except DC500

The Geolocation Information section of the Context Explorer contains three interactive donut graphs that 
display an overall picture of countries with which hosts on your monitored network are exchanging data: 
unique connections by initiator or responder country, intrusion events by source or destination country, 
and file events by sending or receiving country.

For more information on the graphs in the Geolocation Information section, see the following topics:

FireSIGHT

Any except DC500

The Connections by Initiator/Responder Country graph, in donut form, displays a proportional view of 
the countries involved in connections on your network as either the initiator (the default) or the 
responder. The inner ring groups these countries together by continent. For information about 
geolocation information, see 

. For information about connection data, see