Cisco Cisco Firepower Management Center 4000

Any

The FireSIGHT System allows you to create named objects, object groups, and application filters that 
can be used as part of your network configuration. You can use these objects, groups, and filters as search 
criteria when performing or saving searches.

When you perform a search, objects, object groups, and application filters appear in the format, 

${object_name}

. For example, a network object with the object name 

ten_ten_network

 appears as 

${ten_ten_network}

 in a search.

You can click the add object icon (

) that appears next to a search field where you can use an object 

as a search criterion.

Any

You can use a number of formats for specifying time search constraints. You can enter a time you want 
to match, and, optionally, a less than (

<

) or greater than (

>

) operator to match times before or after the 

time you enter.

The formats accepted by search criteria fields that take a time value are shown in the following table.

You can precede a time value with one of the following operators/keyword.

Any

When specifying IP addresses in searches, you can enter an individual IP address, a comma-separated 
list of addresses, an address block, or a range of IP addresses separated with a hyphen (-). You can also 
use negation.

For searches that support IPv6 (such as intrusion event, connection data, and correlation event searches) 
you can enter IPv4 and IPv6 addresses and CIDR/prefix length address blocks in any combination.

today [at HH:MMam|pm]

today

today at 12:45pm

YYYY-MM-DD HH:MM:SS

2006-03-22 14:22:59

< 

< 2006-03-22 14:22:59

Returns events with a timestamp before 2:23 PM, March 22, 
2006.

> 

> today at 2:45pm

Returns events with a timestamp later than today at 2:45 PM.