Cisco Cisco Firepower Management Center 2000
FireSIGHT System User Guide
Chapter 47 Understanding and Using Workflows
Using Custom Workflows
The final page of a custom workflow depends on the table on which you base the workflow, as described in the following table. These final pages are added by default when you create the workflow.
The appliance does not add a final page to custom workflows based on other kinds of events (for example, audit log or malware events).
Note: The procedure for creating a custom workflow based on connection data is slightly different. For more information, see the next section.
To create a custom workflow:
Access: Admin/Any Security Analyst
Step 1  Select Analysis > Custom > Custom Workflows.
The Custom Workflows page appears.
Step 2  Click Create Custom Workflow.
The Edit Custom Workflow page appears.
Step 3  Type a name for the workflow in the Name field.
You can use up to 60 alphanumeric characters and spaces in the name.
Step 4  Optionally, type a description for the workflow in the Description field.
You can use up to 80 alphanumeric characters and spaces.
Step 5  Select the table you want to include from the Table drop-down list.
Step 6  Optionally, click Add Page to add one or more drill-down pages to the workflow.
A drill-down page section appears.
Begin by typing a name for the page in the Page Name field, using up to 80 alphanumeric characters, but no spaces.
Under Column 1, select a sort priority and a table column. This column will appear in the leftmost column of the page. For example, to create a page showing the destination ports that are targeted, and to sort the page by count, select 2 from the Sort Priority drop-down list and DST Port/ICMP Code from the Field drop-down list.
Continue selecting fields to include and setting their sort priority until all the fields to appear on the page have been specified. You can specify up to five fields per page.
Table 47-30 Custom Workflow Final Pages
Workflows based on...          Have this final page...
discovery events               hosts
vulnerabilities                vulnerability detail
third-party vulnerabilities    hosts
users                          users
indications of compromise      hosts
intrusion events               packets