Cisco Cisco Firepower Management Center 4000

The Search page appears.

From the 

 drop-down list, select 

.

The Users search page appears.

To search the database for a different kind of event, select it from the 

 drop-down list.

Optionally, if you want to save the search, enter a name for the search in the 

 field.

If you do not enter a name, one is created automatically when you save the search.

Enter your search criteria in the appropriate fields. If you enter multiple criteria, the search returns only 
the records that match all the criteria.

If you want to save the search so that other users can access it, clear the 

 check box. 

Otherwise, leave the check box selected to save the search as private. 

If you want to save a search as a restriction for custom user roles with restricted privileges, you must 
save it as a private search.

You have the following options:

Click 

 to start the search.

Your search results appear in the default users workflow. To use a different workflow, click 

. For information on specifying a different default workflow, see 

. 

Click 

 if you are modifying an existing search and want to save your changes.

Click 

 to save the search criteria. The search is saved (and associated with your 

user account if you selected 

), so that you can run it at a later time.

FireSIGHT

The FireSIGHT System generates events that communicate the details of user activity on your network. 
Descriptions of the four types of user activity follow.

This event is generated when the system detects a user login for a user that is not in the database.

This event is generated when any of the following occur:

an Active Directory Agent that you installed on an Active Directory server detects an LDAP 
login

a managed device detects an LDAP, POP3, IMAP, SMTP, AIM, Oracle or SIP login

There are several points to keep in mind regarding user login events: