Cisco Cisco Firepower Management Center 4000

If you plan to use this remediation in response to a correlation rule that triggers on a discovery event or 
host input event, by default the remediation scans the IP address of the host involved in the event; you 
do not need to configure this option.

Configure the 

 option:

To use the description from the event as the attribute value, select 

. 

To use the Attribute Value setting for the remediation as the attribute value, select 

. 

If you are not planning to use the event description, type the attribute value you want to set in the 

 field. 

Click 

, then click 

.

The remediation is created.

FireSIGHT

When a remediation triggers, a remediation status event is generated. These events are logged to the 
database and can be viewed on the Remediation Status page. You can search, view, and delete 
remediation status events.

For more information, see:

FireSIGHT

The page you see when you access remediation status events differs depending on the workflow you use. 
You can use the predefined workflow, which includes a table view of remediations. The table view 
contains a row for each remediation status event. You can also create a custom workflow that displays 
only the information that matches your specific needs. For information on creating a custom workflow, 
see 

The following table describes some of the specific actions you can perform on a remediation status 
events workflow page.

learn more about the columns that appear find more information in 

.

modify the time and date range for 
displayed events

see 

.

Note that events that were generated outside the appliance's configured time 
window (whether global or event-specific) may appear in an event view if you 
constrain the event view by time. This can occur even if you configured a sliding 
time window for the appliance.