Cisco Cisco Firepower Management Center 4000

As the FireSIGHT System collects information about your network, the Defense Center stores it in a 
series of database tables. When you use a workflow to view the resulting information, the Defense Center 
pulls the data from one of these tables. For example, the columns on each page of the Network 
Applications by Count workflow are taken from the fields in the Applications table. 

If you determine that your analysis of the activity on your network would be enhanced by combining 
fields from different tables, you can create a custom table. For example, you could combine the host 
criticality information from the predefined Host Attributes table with the fields from the predefined 
Connection Data table and then examine connection data in a new context.

Note that you can create custom workflows for either predefined or custom tables. For more information 
on creating custom workflows, see 

.

The following sections describe how to create and use your own custom tables:

FireSIGHT

Custom tables contain fields from two or more predefined tables. The FireSIGHT System is delivered 
with a number of system-defined custom tables, but you can create additional custom tables that contain 
only information that matches your specific needs. 

For example, the FireSIGHT System is delivered with system-defined custom tables that correlate 
intrusion event data with host data, so you can search for events that impact critical systems and view 
the results of that search in one workflow. The following table describes the custom tables provided with 
the system.