Cisco Firepower Management Center 4000

FireSIGHT System User Guide
 
Chapter 38  Working with Discovery Events
Working with Applications
Step 1
Select Analysis > Search.
The Search page appears.
Step 2
From the Table drop-down list, select Servers.
The page reloads with the appropriate constraints.
Tip
To search the database for a different kind of event, select it from the Table drop-down list.
Step 3
Optionally, if you want to save the search, enter a name for the search in the Name field.
If you do not enter a name, the Defense Center automatically creates one when you save the search.
Step 4
Enter your search criteria in the appropriate fields. If you enter multiple criteria, the Defense Center returns only the records that match all the criteria. Click the add icon that appears next to a search field to use an object as a search criterion.
Step 5
If you want to save the search so that other users can access it, clear the Save As Private check box. Otherwise, leave the check box selected to save the search so that only you can use it.
Tip
If you want to save a search as a restriction for custom user roles with restricted privileges, you must save it as a private search.
Step 6
You have the following options:
  • Click Search to start the search.
    Your search results appear in the default servers workflow. To use a different workflow, including a custom workflow, click (switch workflow). For information on specifying a different default workflow, see
  • Click Save if you are modifying an existing search and want to save your changes.
  • Click Save as New Search to save the search criteria. The search is saved (and associated with your user account if you selected Save As Private), so that you can run it at a later time.
Working with Applications
License: FireSIGHT
When a monitored host connects to another host, the system can, in many cases, determine what application was used. The FireSIGHT System detects the use of many email, instant messaging, peer-to-peer, and web applications, as well as other types of applications.
For each detected application, the system logs the IP address that used the application, the product, the version, and the number of times its use was detected. You can use the web interface to view, search, and delete application events. You can also update application data on a host or hosts using the host input feature.
If you know which applications are running on which hosts, you can use that knowledge to create host profile qualifications, which constrain the data you collect while building a traffic profile, and can also limit the conditions under which you want to trigger a correlation rule. You can also base correlation