Cisco Firepower Management Center 2000

FireSIGHT System User Guide
 
Chapter 4: Using the Context Explorer
Understanding the Context Explorer
Drilling Down on Context Explorer Data
License: feature dependent
If you want to examine graph or list data in more detail than the Context Explorer allows, you can drill 
down to the table views of the relevant data. (Note that you cannot drill down on the Traffic and Intrusion 
Events over Time graph.) For example, drilling down on an IP address in the Traffic by Source IP graph 
displays the Connections with Application Details view of the Connection Events table, including only 
data associated with the source IP address you selected.
Depending on the type of data you examine, additional options can appear in the context menu. Data 
points that are associated with specific IP addresses offer the option to view host or whois information 
on the IP address you select. Data points associated with specific applications offer the option to view 
application information on the application you select. Data points associated with a specific user offer 
the option to view that user’s user profile page. Data points associated with an intrusion event message 
offer the option to view the rule documentation for that event’s associated intrusion rule, and data points 
associated with a specific IP address offer the option to blacklist or whitelist that address.
The context menu that you use to drill down on data also contains options to filter that data. For more 
information on filtering, see .
To drill down on data in the Context Explorer:
Access: Admin/Any Security Analyst
Step 1  Select Analysis > Context Explorer.
        The Context Explorer appears.
Step 2  In any section but Traffic and Intrusion Events over Time, click a data point that you want to investigate.
        The context menu pop-up window appears nearby.
Step 3  Depending on the data point you selected, you have several options:
  • To view more details of this data in a table view, select Drill into Analysis.
    A new window opens with a detailed table view of the data you selected.
  • If you selected a data point associated with a specific IP address and want more information about
    the associated host, select View Host Information.
    A new window opens with a host profile page for the IP address you selected. For more information
    on host attributes and host profiles, see .
  • If you selected a data point with a specific IP address and want to make a whois search on that
    address, select Whois.
    A new window opens with the results of a whois query for the IP address you selected.
  • If you selected a data point associated with a specific application and want more information about
    that application, select View Application Information.
    A new window opens with information on the application you selected. For more information about
    application attributes, see
  • If you selected a data point associated with a specific user and want more information about that
    user, select View User Information.
    A new window opens with a user profile page for the user you selected. For more information on
    user details, see .