Cisco Cisco Firepower Management Center 4000

Any

You can use the appliance to view a table of audit records. Then, you can manipulate the view depending 
on the information you are looking for. The predefined audit workflow includes a single table view of 
events. You can also create a custom workflow that displays only the information that matches your 
specific needs. For information on creating a custom workflow, see 

The following table describes some of the specific actions you can perform on an audit log workflow 
page.

learn more about the contents of the 
columns in the table

find more information in 

.

modify the time range used when 
viewing audit records

find more information at 

Note that events that were generated outside the appliance's configured time window 
(whether global or event-specific) may appear in an event view if you constrain the 
event view by time. This may occur even if you configured a sliding time window for 
the appliance.

sort and constrain events on the 
current workflow page

find more information in 

navigate within the current workflow 
page

find more information in 

navigate between pages in the current 
workflow, keeping the current 
constraints

click the appropriate page link at the top left of the workflow page. For more 
information, see 

drill down to the next page in the 
workflow

use one of the following methods:

To drill down to the next workflow page constraining on a specific value, click a 
value within a row. Note that this only works on drill-down pages. Clicking a 
value within a row in a table view constrains the table view and does not drill 
down to the next page.

To drill down to the next workflow page constraining on some events, select the 
check boxes next to the events you want to view on the next workflow page, then 
click 

.

To drill down to the next workflow page keeping the current constraints, click 

.

Table views always include “Table View” in the page name.

For more information, see 

.