Cisco Cisco Firepower Management Center 4000
FireSIGHT System User Guide
Chapter 43 Configuring Active Scanning
Working with Active Scan Results
For more information on searching, including how to load and delete saved searches, see
To search for scan results:
Access: Admin/Discovery Admin
Step 1 Select Analysis > Search, then select Scan Results from the Table drop-down list.
The Scan Results search page appears.
Tip: To search the database for a different kind of event, select it from the Table drop-down list.
Step 2 Optionally, if you want to save the search, enter a name for the search in the Name field.
If you do not enter a name, the Defense Center automatically creates one when you save the search.
Step 3 Enter your search criteria in the appropriate fields, as described in the table.
If you enter multiple criteria, the Defense Center returns only the records that match all the criteria.
Step 4 If you want to save the search so that other users can access it, clear the Save As Private check box.
Otherwise, leave the check box selected to save the search so that only you can use it.
Tip: If you want to save a search as a restriction for custom user roles with restricted privileges (or for converted Restricted Event Analysts from pre-4.10.1 versions), you must save it as a private search.
Step 5 You have the following options:
• Click Search to start the search.
  Your search results appear.
Table 43-4 Scan Results Search Criteria

Field         Search Criteria Rules
Start Time    Type the date and time that the scan that produced the results started. See for the syntax for entering time.
End Time      Type the date and time that the scan that produced the results ended. See for the syntax for entering time.
Scan Target   Type the IP address (or host name, if DNS resolution is enabled) of the scan target for the scan that produced the results. Use a specific IP address or CIDR notation to specify a range of IP addresses. See for a full description of the syntax allowed for IP addresses.
Scan Type     Type Nmap or a third-party scanner ID to indicate the type of the scan that produced the results.
Scan Mode     Type the mode of the scan that produced the results:
              • Type On Demand to retrieve results from scans run on demand.
              • Type Imported to retrieve results from scans on a different system and imported onto the Defense Center.
              • Type Scheduled to retrieve results from scans run as a scheduled task.
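
The matching rules from Step 3 and Table 43-4, modeled as an added example for filtering scan result records offline (this is not Cisco code). The record layout, the function names, the `scanner-42` ID, and the case-insensitive comparison are assumptions; the sample records are constructed.

```python
import ipaddress

# Constructed sample records; field names are assumptions, not a Cisco export format.
SAMPLE_RESULTS = [
    {"target": "10.1.4.20", "hostname": "db01.example.com", "scan_type": "Nmap", "scan_mode": "Scheduled"},
    {"target": "10.1.4.77", "hostname": None, "scan_type": "Nmap", "scan_mode": "On Demand"},
    {"target": "10.2.0.5", "hostname": "web01.example.com", "scan_type": "Nmap", "scan_mode": "Scheduled"},
    {"target": "10.1.4.91", "hostname": None, "scan_type": "scanner-42", "scan_mode": "Imported"},
]

VALID_MODES = {"on demand", "imported", "scheduled"}  # the three modes in Table 43-4


def target_matches(record, criterion):
    """Match a single IP address, a CIDR range, or (assumed) an exact host name."""
    try:
        network = ipaddress.ip_network(criterion, strict=False)
    except ValueError:
        # Not an address or CIDR block: treat the criterion as a host name.
        return (record.get("hostname") or "").lower() == criterion.lower()
    return ipaddress.ip_address(record["target"]) in network


def search_scan_results(records, target=None, scan_type=None, scan_mode=None):
    """Return only the records that satisfy every criterion supplied (logical AND)."""
    if scan_mode is not None and scan_mode.lower() not in VALID_MODES:
        raise ValueError(f"unknown scan mode: {scan_mode!r}")
    matches = []
    for rec in records:
        if target is not None and not target_matches(rec, target):
            continue
        # Case-insensitive comparison is an assumption of this model.
        if scan_type is not None and rec["scan_type"].lower() != scan_type.lower():
            continue
        if scan_mode is not None and rec["scan_mode"].lower() != scan_mode.lower():
            continue
        matches.append(rec)
    return matches


if __name__ == "__main__":
    # Nmap results for one subnet, regardless of scan mode.
    for rec in search_scan_results(SAMPLE_RESULTS, target="10.1.4.0/24", scan_type="Nmap"):
        print(rec["target"], rec["scan_mode"])
```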