Cisco Cisco Firepower Management Center 4000

Page of 1844
 
58-6
FireSIGHT System User Guide
 
Chapter 58      Specifying User Preferences 
  Configuring Event View Settings
  •
The 
Show the Last - Sliding
 option allows you configure a sliding default time window of the length 
you specify. 
The appliance displays all the events generated from a specific start time (for example, 1 hour ago) 
to the present. As you change event views, the time window “slides” so that you always see events 
from the last hour.
  •
The 
Show the Last - Static/Expanding 
option allows you to configure either a static or expanding default 
time window of the length you specify.
For static time windows, enable the 
Use End Time
 check box. The appliance displays all the events 
generated from a specific start time (for example, 1 hour ago) to the time when you first viewed the 
events. As you change event views, the time window stays fixed so that you see only the events that 
occurred during the static time window.
For expanding time windows, disable the 
Use End Time
 check box. The appliance displays all the 
events generated from a specific start time (for example, 1 hour ago) to the present. As you change 
event views, the time window expands to the present time.
  •
The 
Current Day - Static/Expanding
 option allows you to configure either a static or expanding default 
time window for the current day. The current day begins at midnight, based on the time zone setting 
for your current session.
For static time windows, enable the 
Use End Time
 check box. The appliance displays all the events 
generated from midnight to the time when you first viewed the events. As you change event views, 
the time window stays fixed so that you see only the events that occurred during the static time 
window.
For expanding time windows, disable the 
Use End Time
 check box. The appliance displays all the 
events generated from midnight to the present. As you change event views, the time window expands 
to the present time. Note that if your analysis continues for over 24 hours before you log out, this 
time window can be more than 24 hours.
  •
The 
Current Week - Static/Expanding
 option allows you to configure either a static or expanding default 
time window for the current week. The current week begins at midnight on the previous Sunday, 
based on the time zone setting for your current session.
For static time windows, enable the 
Use End Time
 check box. The appliance displays all the events 
generated from midnight to the time when you first viewed the events. As you change event views, 
the time window stays fixed so that you see only the events that occurred during the static time 
window.
For expanding time windows, disable the 
Use End Time
 check box. The appliance displays all the 
events generated from midnight Sunday to the present. As you change event views, the time window 
expands to the present time. Note that if your analysis continues for over 1 week before you log out, 
this time window can be more than 1 week.
Default Workflows
License: 
Any
A workflow is a series of pages displaying data that analysts use to evaluate events. For each event type, 
the appliance ships with at least one predefined workflow. For example, as a Security Analyst, depending 
on the type of analysis you are performing, you can choose among ten different intrusion event 
workflows, each of which presents intrusion event data in a different way.