Cisco Cisco Firepower Management Center 4000

Admin/Any Security Analyst

Select 

.

The first page of the default correlation events workflow appears. To use a different workflow, including 
a custom workflow, click 

 by the workflow title. For information on specifying a 

different default workflow, see 

. If no events appear, you 

may need to adjust the time range; see 

navigate between pages in the current 
workflow, keeping the current 
constraints

click the appropriate page link at the top left of the workflow page. For more 
information, see 

.

learn more about the columns that 
appear

find more information in 

modify the time and date range for 
displayed events

find more information in see 

Note that events that were generated outside the appliance's configured time window 
(whether global or event-specific) may appear in an event view if you constrain the 
event view by time. This may occur even if you configured a sliding time window for 
the appliance.

drill down to the next page in the 
workflow, constraining on a specific 
value

use one of the following methods:

on a drill-down page that you created in a custom workflow, click a value within 
a row. Note that clicking a value within a row in a table view constrains the table 
view and does not drill down to the next page.

To drill down to the next workflow page constraining on some users, select the 
check boxes next to the users you want to view on the next workflow page, then 
click 

.

To drill down to the next workflow page keeping the current constraints, click 

.

Table views always include “Table View” in the page name.

For more information, see 

.

delete correlation events from the 
system

use one of the following methods:

To delete some events, select the check boxes next to the events you want to 
delete, then click 

.

To delete all events in the current constrained view, click 

, then confirm 

you want to delete all the events.

navigate to other event views to view 
associated events

find more information in