Cisco Firepower Management Center 4000
FireSIGHT System User Guide
 
Chapter 18 Working with Intrusion Events
Searching for Intrusion Events
Note that there is no Protocol column in the intrusion event table view; the protocol you specify here is the one associated with the Source Port / ICMP Type and Destination Port / ICMP Code columns.
Source Port / ICMP Type
Specify the source port associated with the intrusion event.
Tip
For ICMP traffic, which does not target ports, you can use this field to search for events with specific ICMP types.
Destination Port / ICMP Code
Specify the destination port associated with the intrusion event.
Tip
For ICMP traffic, which does not target ports, you can use this field to search for events with specific ICMP codes.
VLAN ID
Specify the innermost VLAN ID associated with the packet that triggered the intrusion event.
MPLS Label
Specify the Multiprotocol Label Switching (MPLS) label of the packet that triggered the intrusion event.
Message
Specify all or part of the event message for the events you want to view.
Classification
Enter the classification number, or all or part of the classification name or description for the rule that generated the events you want to view. You can also enter a comma-separated list of numbers, names, or descriptions. Finally, if you add a custom classification, you can also search using all or part of its name or description. See the table for a list of classification numbers, names, and descriptions.
Generator
Specify the component that generated the events you want to view, as listed in the table.
Snort ID
Specify the Snort ID (SID) of the rule that generated the event or, optionally, specify the combination of generator ID (GID) and SID of the rule, where the GID and SID are separated with a colon (:) in the format GID:SID. You can specify any of the values in the following table:
Table 18-7  Snort ID Search Values

Value                 Example
a single SID          10000
a SID range           10000-11000
greater than a SID    >10000
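The Snort ID search syntax above (a single SID, a SID range, a greater-than value, and the GID:SID form) can be turned into a filter over events offline, which is useful when triaging exported event data outside the console. The following is an added example, not code from the guide or from Cisco; the sample events are constructed, and it assumes that a GID prefix may be combined with any of the three table forms, which the guide does not state explicitly.

```python
import re
from typing import Callable, List, Tuple

# Constructed sample events as (gid, sid, message); not taken from the guide.
SAMPLE_EVENTS: List[Tuple[int, int, str]] = [
    (1, 10000, "constructed text rule A"),
    (1, 10500, "constructed text rule B"),
    (1, 11001, "constructed text rule C"),
    (3, 10000, "constructed decoder rule D"),
]

# Optional "GID:" prefix, optional ">" operator, a SID, and an optional "-SID" range end.
_SEARCH_VALUE = re.compile(r"^(?:(\d+):)?(>)?(\d+)(?:-(\d+))?$")


def parse_snort_id_search(expr: str) -> Callable[[int, int], bool]:
    """Compile a Snort ID search value into a predicate on (gid, sid).

    Forms mirroring Table 18-7 and the GID:SID format:
      "10000"        a single SID
      "10000-11000"  an inclusive SID range
      ">10000"       SIDs greater than 10000
      "1:10000"      GID:SID
    Assumption: "GID:" may prefix any of the three forms (e.g. "1:>10000").
    """
    m = _SEARCH_VALUE.match(expr.strip())
    if not m:
        raise ValueError(f"invalid Snort ID search value: {expr!r}")
    gid_s, gt, lo_s, hi_s = m.groups()
    if gt and hi_s:
        raise ValueError("'>' cannot be combined with a range")
    gid = int(gid_s) if gid_s is not None else None
    lo, hi = int(lo_s), (int(hi_s) if hi_s is not None else None)
    if hi is not None and hi < lo:
        raise ValueError("range upper bound is below its lower bound")

    def predicate(event_gid: int, event_sid: int) -> bool:
        if gid is not None and event_gid != gid:
            return False
        if gt:
            return event_sid > lo
        if hi is not None:
            return lo <= event_sid <= hi
        return event_sid == lo

    return predicate


def search_events(expr: str, events=SAMPLE_EVENTS) -> List[Tuple[int, int]]:
    """Return the (gid, sid) pairs in `events` that the search value matches."""
    matches = parse_snort_id_search(expr)
    return [(g, s) for g, s, _ in events if matches(g, s)]
```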