Cisco Firepower Management Center 4000

FireSIGHT System User Guide
 
Chapter 47: Understanding and Using Workflows
Using Custom Workflows

The final page of a custom workflow depends on the table on which you base the workflow, as described in the following table. These final pages are added by default when you create the workflow.

The appliance does not add a final page to custom workflows based on other kinds of events (for example, audit log or malware events).

Note: The procedure for creating a custom workflow based on connection data is slightly different. For more information, see the next section.

To create a custom workflow:

Access: Admin/Any Security Analyst

Step 1  Select Analysis > Custom > Custom Workflows.
        The Custom Workflows page appears.

Step 2  Click Create Custom Workflow.
        The Edit Custom Workflow page appears.

Step 3  Type a name for the workflow in the Name field.
        You can use up to 60 alphanumeric characters and spaces in the name.

Step 4  Optionally, type a description for the workflow in the Description field.
        You can use up to 80 alphanumeric characters and spaces.

Step 5  Select the table you want to include from the Table drop-down list.

Step 6  Optionally, click Add Page to add one or more drill-down pages to the workflow.
        A drill-down page section appears.

        Begin by typing a name for the page in the Page Name field, using up to 80 alphanumeric characters, but no spaces.

        Under Column 1, select a sort priority and a table column. This column will appear in the leftmost column of the page. For example, to create a page showing the destination ports that are targeted, and to sort the page by count, select 2 from the Sort Priority drop-down list and DST Port/ICMP Code from the Field drop-down list.

        Continue selecting fields to include and setting their sort priority until all the fields to appear on the page have been specified. You can specify up to five fields per page.

Table 47-30: Custom Workflow Final Pages

Workflows based on...          Have this final page...
-----------------------------  -----------------------
discovery events               hosts
vulnerabilities                vulnerability detail
third-party vulnerabilities    hosts
users                          users
indications of compromise      hosts
intrusion events               packets