Cisco Cisco Firepower Management Center 4000

table based on the Intrusion Events table and the Hosts table, you must choose whether the data you 
display from the Hosts table applies to the host source IP address or the host destination IP address in 
the Intrusion Events table.

When you create a new custom table, a default workflow that displays all the columns in the table is 
automatically created. Also, just as with predefined tables, you can search custom tables for data that 
you want to use in your network analysis. You can also generate reports based on custom tables, as you 
can with predefined tables.

For more information on creating custom tables, see:

FireSIGHT

If you determine that your analysis of the activity on your network would be enhanced by combining 
fields from different tables, you can create a custom table. 

Instead of creating a new custom table, you can export a custom table from another Defense Center, then 
import it onto your Defense Center. You can then edit the imported custom table to suit your needs. For 
more information, see 

To create a custom table, decide which predefined tables delivered with the FireSIGHT System contain 
the fields you want to include in your custom table. You can then choose which fields you want to include 
and, if necessary, configure field mappings for any common fields.

Data involving the Hosts table allows you to view data associated with all IP addresses from one host, 
rather than one specific IP address.

For example, consider a custom table that combines fields from the Correlation Events table and the 
Hosts table. You can use this custom table to get detailed information about the hosts involved in 
violations of any of your correlation policies. Note that you must decide whether to display data from 
the Hosts table that matches the source IP address or the destination IP address in the Correlation Events 
table.