Cisco Firepower Management Center 4000

FireSIGHT System User Guide
 
Chapter 39: Configuring Correlation Policies and Rules
Working with Correlation Events
Step 4
Enter your search criteria in the appropriate fields, as described in the table:
  • All fields accept negation (!).
  • All fields accept comma-separated lists. If you enter multiple criteria, the search returns only the records that match all the criteria.
  • Many fields accept one or more asterisks (*) as wild cards.
  • Specify n/a in any field to identify events where information is not available for that field; use !n/a to identify the events where that field is populated.
  • Click the add object icon that appears next to a search field to use an object as a search criterion.
For more information on search syntax, including using objects in searches, see .
Step 5
If you want to save the search so that other users can access it, clear the Save As Private check box. Otherwise, leave the check box selected to save the search as private.
If you want to use the search as a data restriction for a custom user role, you must save it as a private search.
Step 6
You have the following options:
  • Click Search to start the search.
    Your search results appear in the default correlation events workflow, constrained by the current time range. To use a different workflow, including a custom workflow, click (switch workflow) by the workflow title. For information on specifying a different default workflow, see
  • Click Save if you are modifying an existing search and want to save your changes.
  • Click Save as New Search to save the search criteria. The search is saved (and associated with your user account if you selected Save As Private) so that you can run it at a later time.
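
The Step 4 syntax rules (negation, comma-separated lists, asterisk wild cards, n/a) modeled as a small matcher over constructed records. This is an added example, not Cisco code or the product's implementation. Assumptions: the field names, case-insensitive matching, and the handling of a comma-separated list inside one field (plain values are alternatives, every negated value must hold); the guide text here states only that multiple criteria must all match.

```python
import re

# Constructed sample records; field names are illustrative, not the product's schema.
# None stands for "information not available" in that field.
EVENTS = [
    {"policy": "Malware Response", "rule": "C2 Beacon", "username": "jdoe", "priority": "5"},
    {"policy": "Malware Response", "rule": "New Host Seen", "username": None, "priority": "3"},
    {"policy": "Compliance", "rule": "Telnet Detected", "username": "asmith", "priority": None},
]

def term_matches(term, value):
    """Evaluate one term (no commas) against one field value."""
    negate = term.startswith("!")
    pattern = term[1:] if negate else term
    if pattern.lower() == "n/a":
        hit = value is None
    elif value is None:
        hit = False
    else:
        # Only '*' is a wildcard; everything else is literal. Case-insensitive (assumption).
        regex = ".*".join(re.escape(part) for part in pattern.split("*"))
        hit = re.fullmatch(regex, value, re.IGNORECASE) is not None
    return hit != negate

def field_matches(criterion, value):
    """Assumption: plain values in a list are alternatives; every negated value must hold."""
    terms = [t.strip() for t in criterion.split(",") if t.strip()]
    plain = [t for t in terms if not t.startswith("!")]
    negated = [t for t in terms if t.startswith("!")]
    plain_ok = not plain or any(term_matches(t, value) for t in plain)
    return plain_ok and all(term_matches(t, value) for t in negated)

def search(events, criteria):
    """Criteria entered in different fields must all match (as Step 4 states)."""
    return [e["rule"] for e in events
            if all(field_matches(c, e.get(f)) for f, c in criteria.items())]

if __name__ == "__main__":
    print(search(EVENTS, {"username": "!n/a"}))
    print(search(EVENTS, {"policy": "Malware*", "username": "n/a"}))
    print(search(EVENTS, {"rule": "*Beacon,*Detected", "priority": "!n/a"}))
    print(search(EVENTS, {"username": "!jdoe,!asmith"}))
```

In this model a negated value also matches records where the field is empty; combining it with !n/a in the same field (for example `!jdoe,!n/a`) restricts the result to populated fields.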