Cisco Firepower Management Center 4000

FireSIGHT System User Guide
 
Chapter 4: Using the Context Explorer
  Understanding the Context Explorer
This section draws data primarily from the Intrusion Events and Connection Events tables.
Understanding the Indications of Compromise Section
License: FireSIGHT
The Indications of Compromise (IOC) section of the Context Explorer contains two interactive sections 
that provide an overall picture of potentially compromised hosts on your monitored network: a 
proportional view of the most prevalent IOC types triggered, as well as a view of hosts by number of 
triggered indications.
For more information on the graphs in the Indications of Compromise section, see the following topics:
  •
  •
Viewing the Hosts by Indication Graph
License: FireSIGHT
The Hosts by Indication graph, in donut form, displays a proportional view of the Indications of Compromise (IOC) triggered by hosts on your monitored network. The inner ring divides by IOC category (such as CnC Connected or Malware Detected), while the outer ring further divides that data by specific event type (such as Impact 2 Intrusion Event — attempted-admin or Threat Detected in File Transfer).