Cisco Cisco Firepower Management Center 4000
C H A P T E R
46-1
FireSIGHT System User Guide
46
Using Custom Tables
As the FireSIGHT System collects information about your network, the Defense Center stores it in a
series of database tables. When you use a workflow to view the resulting information, the Defense Center
pulls the data from one of these tables. For example, the columns on each page of the Network
Applications by Count workflow are taken from the fields in the Applications table.
series of database tables. When you use a workflow to view the resulting information, the Defense Center
pulls the data from one of these tables. For example, the columns on each page of the Network
Applications by Count workflow are taken from the fields in the Applications table.
If you determine that your analysis of the activity on your network would be enhanced by combining
fields from different tables, you can create a custom table. For example, you could combine the host
criticality information from the predefined Host Attributes table with the fields from the predefined
Connection Data table and then examine connection data in a new context.
fields from different tables, you can create a custom table. For example, you could combine the host
criticality information from the predefined Host Attributes table with the fields from the predefined
Connection Data table and then examine connection data in a new context.
Note that you can create custom workflows for either predefined or custom tables. For more information
on creating custom workflows, see
on creating custom workflows, see
.
The following sections describe how to create and use your own custom tables:
•
•
•
•
•
•
Understanding Custom Tables
License:
FireSIGHT
Custom tables contain fields from two or more predefined tables. The FireSIGHT System is delivered
with a number of system-defined custom tables, but you can create additional custom tables that contain
only information that matches your specific needs.
with a number of system-defined custom tables, but you can create additional custom tables that contain
only information that matches your specific needs.
For example, the FireSIGHT System is delivered with system-defined custom tables that correlate
intrusion event data with host data, so you can search for events that impact critical systems and view
the results of that search in one workflow. The following table describes the custom tables provided with
the system.
intrusion event data with host data, so you can search for events that impact critical systems and view
the results of that search in one workflow. The following table describes the custom tables provided with
the system.