Cisco Cisco Firepower Management Center 4000

A workflow is a tailored series of data pages on the Defense Center web interface that analysts can use 
to evaluate events generated by the system. The Defense Center provides three types of workflows: 

Predefined workflows, which are preset workflows installed on the system that you cannot modify 
or delete.

Saved custom workflows, which are predefined custom workflows that you can modify or delete.

Custom workflows, which are workflows that you create and customize for your specific needs.

For example, when you analyze intrusion events, you can choose from several predefined workflows 
specifically created for the task. 

Note that the data displayed in a workflow often depends on such factors as how you license and deploy 
your managed devices, whether you configure features that provide the data and, in the case of Series 2 
appliances, whether the appliance supports a feature that provides the data. For example, because neither 
the DC500 Defense Center nor Series 2 devices support URL filtering by category and reputation, the 
DC500 Defense Center does not display data for this feature and Series 2 devices do not detect this data.

See the following sections for more information about using predefined and custom workflows:

You can also use custom workflows as the basis for event reports. See 

 

for more information.

Any

Workflows can include several types of pages, as described in the following sections.

Table views include a column for each of the fields in the database on which your workflow is based. 

For example, the table view of discovery events includes the Time, Event, IP Address, User, MAC 
Address, MAC Vendor, Port, Description, and Device columns.