Cisco Cisco Firepower Management Center 4000

47-16

FireSIGHT System User Guide

Chapter 47 Understanding and Using Workflows

Using Workflows

•

Using Compound Constraints, page 47-33

explains how compound constraints can be used and

provides examples.

•

Sorting Drill-Down Workflow Pages, page 47-34

describes features for sorting the data displayed in

workflows, and for removing and restoring table columns to view.

•

Selecting Rows on a Workflow Page, page 47-35

describes how to select data rows in the displayed

table that you want to analyze or on which you want to perform some other action.

•

Navigating to Other Pages in the Workflow, page 47-35

describes how to open other workflows

using the constraints, including any selected events, from the current workflow.

•

Navigating Between Workflows, page 47-36

describes the

Jump to

drop-down list and explains how

you can use it to apply the current constraints to a different workflow.

•

Searching for Events, page 45-1

provides information about the feature used to search event data.

•

Using Bookmarks, page 47-37

describes how to create, manage, and use bookmarks.

Selecting Workflows

License:

Any

The FireSIGHT System provides predefined workflows for the types of data listed in the following table.

Table 47-20

Features Using Workflows

Feature

Menu Path

Option

Intrusion events

Analysis > Intrusions

Events

Reviewed Events

Clipboard

Incidents

Malware events

Analysis > Files

Malware Events

File events

Analysis > Files

File Events

Captured files

Analysis > Files

Captured Files

Connection events

Analysis > Connections

Events

Security Intelligence
events

Analysis > Connections

Security Intelligence Events

Host events

Analysis > Hosts

Network Map

Hosts

Indications of Compromise

Applications

Application Details

Servers

Host Attributes

Discovery Events

User events

Analysis > Users

User Activity

Users