Cisco Firepower Management Center 4000
FireSIGHT System User Guide, page 18-21
Chapter 18      Working with Intrusion Events
Using the Packet View
Step 1
On the table view of intrusion events, select packets to view. See the table for more information.
The packet view appears. If you selected more than one event, you can page through the packets by using the page numbers at the bottom of the page.
Viewing Event Information
License: Protection
On the packet view, you can view information about the packet in the Event Information section.
Event
The event message. For rule-based events, this corresponds to the rule message. For other events, this is determined by the decoder or preprocessor.
The ID for the event is appended to the message in the format (GID:SID:Rev). GID is the generator ID of the rules engine, the decoder, or the preprocessor that generated the event. SID is the identifier for the rule, decoder message, or preprocessor message. Rev is the revision number of the rule. For more information, refer to .
Timestamp
The time that the packet was captured.
Classification
The event classification. For rule-based events, this corresponds to the rule classification. For other events, this is determined by the decoder or preprocessor.
Priority
The event priority. For rule-based events, this corresponds to either the value of the priority keyword or the value for the classtype keyword. For other events, this is determined by the decoder or preprocessor.
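The (GID:SID:Rev) suffix described under Event and the priority/classtype relationship described under Priority are both things an analyst ends up handling when exporting or triaging these events. The following is an added example, not code from the guide or from Cisco: it parses the event ID suffix out of an Event message and resolves the effective priority the way the text describes it (an explicit priority keyword takes precedence, otherwise the classtype's default applies). The sample messages and the CLASSTYPE_PRIORITY table are constructed for illustration and are not taken from the guide.

```python
import re
from dataclasses import dataclass
from typing import Optional

# The Event field ends with "(GID:SID:Rev)", e.g. "... (1:1000001:3)".
EVENT_ID_RE = re.compile(r"\((?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\)\s*$")


@dataclass(frozen=True)
class EventId:
    gid: int  # generator: rules engine, decoder, or preprocessor
    sid: int  # rule / decoder message / preprocessor message identifier
    rev: int  # rule revision


def parse_event_message(message: str) -> tuple[str, Optional[EventId]]:
    """Split an Event field into (message text, EventId).

    EventId is None when no (GID:SID:Rev) suffix is present, so callers can
    tell a malformed export line apart from a parsed one.
    """
    m = EVENT_ID_RE.search(message)
    if not m:
        return message.strip(), None
    text = message[: m.start()].rstrip()
    return text, EventId(int(m["gid"]), int(m["sid"]), int(m["rev"]))


# Constructed classtype -> default priority table (assumption for this example,
# not a table from the guide; a real deployment's values come from its own
# classification configuration).
CLASSTYPE_PRIORITY = {
    "trojan-activity": 1,
    "attempted-admin": 1,
    "attempted-user": 1,
    "attempted-recon": 2,
    "misc-activity": 3,
    "not-suspicious": 3,
}


def effective_priority(classtype: Optional[str],
                       priority_keyword: Optional[int]) -> Optional[int]:
    """An explicit priority keyword overrides the classtype default."""
    if priority_keyword is not None:
        return priority_keyword
    if classtype is not None:
        return CLASSTYPE_PRIORITY.get(classtype)
    return None  # decoder/preprocessor event without rule metadata


# Constructed sample events in the shape an export might carry.
SAMPLE_EVENTS = [
    {"message": "MALWARE-CNC Example.Trojan outbound connection (1:1000001:3)",
     "classtype": "trojan-activity", "priority": None},
    {"message": "PROTOCOL-DNS example oversized query (1:1000002:1)",
     "classtype": "attempted-recon", "priority": 1},   # keyword wins over classtype
    {"message": "Example decoder event (116:1:1)",
     "classtype": None, "priority": None},            # no rule metadata
]


def triage(events: list[dict]) -> dict[Optional[int], list[EventId]]:
    """Group parsed event IDs by effective priority; unparsable messages are skipped."""
    groups: dict[Optional[int], list[EventId]] = {}
    for ev in events:
        _, eid = parse_event_message(ev["message"])
        if eid is None:
            continue
        prio = effective_priority(ev.get("classtype"), ev.get("priority"))
        groups.setdefault(prio, []).append(eid)
    return groups


if __name__ == "__main__":
    for prio, ids in sorted(triage(SAMPLE_EVENTS).items(),
                            key=lambda kv: (kv[0] is None, kv[0])):
        print(prio, [f"{e.gid}:{e.sid}:{e.rev}" for e in ids])
```

Keeping GID, SID and Rev as separate integers rather than one string matters when correlating events across policy updates: a rule revision bump changes Rev but not GID:SID, so grouping on (gid, sid) finds the same detection before and after the update.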
Ingress Security Zone
The ingress security zone of the packet that triggered the event. Only this security zone field is populated in a passive deployment. See
Egress Security Zone
For an inline deployment, the egress security zone of the packet that triggered the event. See .
Device
The managed device where the access control policy was applied. See .
Security Context
The metadata identifying the virtual firewall group through which the traffic passed. Note that the system only populates this field for ASA FirePOWER devices in multi-context mode.