Cisco Cisco Firepower Management Center 4000

rules on the detection of application. For example, if you want your employees to use a specific mail 
client, you could trigger a correlation rule when the system detects a different mail client running on one 
of your hosts.

You should carefully read the release notes for each FireSIGHT System update as well as the advisories 
for each VDB update for information on updated detectors.

To collect and store application data for analysis, make sure that you enable application detection in your 
network discovery policy. For more information, see 

.

See the following sections for more information:

FireSIGHT

You can use the Defense Center to view a table of detected applications. Then, you can manipulate the 
event view depending on the information you are looking for.

The page you see when you access applications differs depending on the workflow you use. You can also 
create a custom workflow that displays only the information that matches your specific needs. For more 
information, see 

 below describes some of the specific actions you can perform on an application 

workflow page. You can also perform the tasks described in the 

 table.

Admin/Any Security Analyst

Select 

.

The first page of the default application details workflow appears. To use a different workflow, including 
a custom workflow, click 

. For information on specifying a different default workflow, 

see 

.

If you are using a custom workflow that does not include the table view of application details, click 

, then select 

.

learn more about the contents of the 
columns in the table

find more information in 

open the Application Detail View for a 
specific application

click the application detail view icon (

) next to a client, 

application protocol, or web application.