Cisco Firepower Management Center 4000

FireSIGHT System User Guide

Chapter 43: Configuring Active Scanning
Working with Active Scan Results

For more information on searching, including how to load and delete saved searches, see 
To search for scan results:
Access: Admin/Discovery Admin

Step 1
Select Analysis > Search, then select Scan Results from the Table drop-down list.
The Scan Results search page appears.

Tip
To search the database for a different kind of event, select it from the Table drop-down list.

Step 2
Optionally, if you want to save the search, enter a name for the search in the Name field.
If you do not enter a name, the Defense Center automatically creates one when you save the search.

Step 3
Enter your search criteria in the appropriate fields, as described in the table.
If you enter multiple criteria, the Defense Center returns only the records that match all the criteria.

Step 4
If you want to save the search so that other users can access it, clear the Save As Private check box.
Otherwise, leave the check box selected to save the search so that only you can use it.

Tip
If you want to save a search as a restriction for custom user roles with restricted privileges (or for converted Restricted Event Analysts from pre-4.10.1 versions), you must save it as a private search.

Step 5
You have the following options:
  • Click Search to start the search.
    Your search results appear.

Table 43-4 Scan Results Search Criteria

Field: Search Criteria Rules

Start Time: Type the date and time that the scan that produced the results started. See  for the syntax for entering time.

End Time: Type the date and time that the scan that produced the results ended. See  for the syntax for entering time.

Scan Target: Type the IP address (or host name, if DNS resolution is enabled) of the scan target for the scan that produced the results. Use a specific IP address or CIDR notation to specify a range of IP addresses. See  for a full description of the syntax allowed for IP addresses.

Scan Type: Type Nmap or a third-party scanner ID to indicate the type of the scan that produced the results.

Scan Mode: Type the mode of the scan that produced the results:
  • Type On Demand to retrieve results from scans run on demand.
  • Type Imported to retrieve results from scans on a different system and imported onto the Defense Center.
  • Type Scheduled to retrieve results from scans run as a scheduled task.