Cisco Cisco Firepower Management Center 4000
4-35
FireSIGHT System User Guide
Chapter 4 Using the Context Explorer
Working with Filters in the Context Explorer
•
If you selected a data point associated with a specific intrusion event message and want more
information about the associated intrusion rule, select
information about the associated intrusion rule, select
View Rule Documentation
.
A new window opens with a rule details page relevant to the event you selected. For more
information on intrusion rule details, see
information on intrusion rule details, see
.
•
If you selected a data point associated with a specific file and want to view that file’s trajectory,
select
select
View Network File Trajectory
.
A new window opens with the trajectory map for the selected file. For more information on using
the network file trajectory feature, see
the network file trajectory feature, see
•
If you selected a data point associated with a specific IP address and want to add that IP address to
the Security Intelligence global blacklist or whitelist, select the appropriate option:
the Security Intelligence global blacklist or whitelist, select the appropriate option:
Blacklist Now
or
Whitelist Now
. Confirm your choice in the pop-up window that appears.
The IP address is blacklisted or whitelisted. For more information, see
These options are not listed on the DC500 Defense Center, which does not support Security
Intelligence data.
Intelligence data.
Working with Filters in the Context Explorer
License:
FireSIGHT
Beyond the basic, wide-ranging data that the Context Explorer initially displays, you have the option to
filter that data for a more granular contextual picture of activity on your network. Filters encompass all
types of FireSIGHT data except URL information, support exclusion as well as inclusion, can be applied
quickly by clicking on Context Explorer graph data points, and affect the entire explorer. You can apply
up to 20 filters at once to create a highly specific portrait tailored to the needs of your network and
organization. Filters that you apply are reflected in the Context Explorer URL so you can bookmark
useful filter sets in your browser program for later use.
filter that data for a more granular contextual picture of activity on your network. Filters encompass all
types of FireSIGHT data except URL information, support exclusion as well as inclusion, can be applied
quickly by clicking on Context Explorer graph data points, and affect the entire explorer. You can apply
up to 20 filters at once to create a highly specific portrait tailored to the needs of your network and
organization. Filters that you apply are reflected in the Context Explorer URL so you can bookmark
useful filter sets in your browser program for later use.
For information on using filters in the Context Explorer, see the following topics:
•
•
•
Adding and Applying Filters
License:
FireSIGHT, Protection, Control, or Malware
Supported Devices:
feature dependent
Supported Defense Centers:
feature dependent
You can add filters to Context Explorer data in several ways:
•
from the Add Filter window
•
from the context menu pop-up window, when you select a data point in the explorer