Cisco Cisco Firepower Management Center 4000

Admin 

Select 

.

The table view appears. For information on working with remediation status events, see 

If you are using a custom workflow that does not include the table view of remediation status events, 
click 

 by the workflow title, then click 

.

FireSIGHT

You can search for remediation status events to determine when and if a particular remediation was 
launched. You may want to create searches customized for your network environment, then save them to 
reuse later. The search criteria you can use are described in the following table.

Result Message

A message that describes what happened when the remediation was launched. 
Status messages include:

Successful completion of remediation

Error in the input provided to the remediation module

Error in the remediation module configuration 

Error logging into the remote device or server

Unable to gain required privileges on remote device or server

Timeout logging into remote device or server

Timeout executing remote commands or servers

The remote device or server was unreachable

The remediation was attempted but failed

Failed to execute remediation program

Unknown/unexpected error

If custom remediation modules are installed, you may see additional 
status messages that are implemented by the custom module.

Rule

The name of the rule that triggered the remediation.

Time

The date and time that the Defense Center launched the remediation

Count

The number of events that match the information that appears in each row. Note 
that the Count field appears only after you apply a constraint that creates two 
or more identical rows.