Cisco Firepower Management Center 4000
FireSIGHT System User Guide
Chapter 47 Understanding and Using Workflows
Using Workflows
License: Any
The drill-down and table view pages in workflows allow you to quickly narrow your view of the data so
you can zero in on events that are significant to your analysis. Although the data in each type of workflow
is different, all workflows share a common set of features. The following sections describe these features
and explain how to use them:
• describes the workflow selection page and how to select a workflow to use.
• describes the toolbar options available in workflows.
• describes the features that appear on all workflow pages and explains how to use them.
• describes how to set the time range for event-based workflows. The workflow includes events generated in the specified time range.
• describes features that are used in workflows to constrain, or narrow, the view of data in workflows and to advance through workflow pages.
Table 47-19 Saved Custom Workflows (continued)

Workflow Name: Hosts with Servers Default Workflow
Description: You can use this workflow to quickly view the basic information in the Hosts with Servers custom table.
By default, this workflow begins with a table view of hosts with servers, followed by the host view. This workflow is based on the Hosts with Servers custom table. For more information, see .

Workflow Name: Intrusion Events with Destination Criticality Default Workflow
Description: You can use this workflow to quickly view the basic information in the Intrusion Events with Destination Criticality custom table.
By default, this workflow starts with a table view of Intrusion Events with Destination Criticality, followed by the packet view. This workflow is based on the Intrusion Events with Destination Criticality custom table. For more information, see .

Workflow Name: Intrusion Events with Source Criticality Default Workflow
Description: You can use this workflow to quickly view the basic information in the Intrusion Events with Source Criticality custom table.
By default, this workflow starts with a table view of Intrusion Events with Source Criticality, followed by the packet view. This workflow is based on the Intrusion Events with Source Criticality custom table. For more information, see

Workflow Name: Server and Host Details
Description: You can use this workflow to determine what servers are most frequently used on your network and which hosts are running those servers.
By default, this workflow begins with a summary of servers with the frequency of access for each service. The next page lists servers by operating system vendor and version. The workflow concludes with a table view of hosts with servers, followed by the host view. This workflow is based on the Hosts with Servers custom table. For more information, see