Cisco Cisco Firepower Management Center 4000

Page of 1844
 
2-6
FireSIGHT System User Guide
 
Chapter 2      Logging into the FireSIGHT System 
  Using the Context Menu
Event Viewer
Event pages (drill-down pages and table views) contain hotspots over each event, IP address, and 
certain detected files’ SHA-256 hash values. For most event types, you can use the context menu to 
view related information in the Context Explorer, or drill down into event information in a new 
window. In places where an event field contains text too long to fully display in the event view, such 
as a file’s SHA-256 hash value, a vulnerability description, or a URL, you can use the context menu 
to view the full text. 
For captured files, file events, and malware events, you can use the context menu to add a file to or 
remove a file from the clean list or custom detection list, download a copy of the file, or submit the 
file to the Collective Security Intelligence Cloud for dynamic analysis.
For intrusion events, you can use the context menu to perform similar tasks to those in the intrusion 
rule editor or an intrusion policy: edit the triggering rule, set the rule state (including disabling the 
rule), configure thresholding and suppression options, and view rule documentation.
Packet View
Intrusion event packet views contain IP address hotspots. Note that the packet view uses a left-click 
context menu instead of a right-click menu.
Dashboard
Many dashboard widgets contain hotspots to view related information in the Context Explorer. 
Dashboard widgets can also contain IP address and SHA-256 value hotspots. 
Context Explorer
The Context Explorer contains hotspots over its charts, tables, and graphs. If you want to examine 
data from graphs or lists in more detail than the Context Explorer allows, you can drill down to the 
table views of the relevant data. You can also view related host, user, application, file, and intrusion 
rule information.
Note that the Context Explorer uses a left-click context menu, which also contains filtering and other 
options unique to the Context Explorer. For detailed information, see 
To access the context menu:
Access: 
Any
Step 1
On a hotspot-enabled page in the web interface, hover your pointer over a hotspot.
Except in the Context Explorer, a 
Right-click for menu
 message appears.
Step 2
Invoke the context menu:
  •
In the Context Explorer or packet view, left-click your pointing device.
  •
On all other hotspot-enabled pages, right-click your pointing device.
A pop-up context menu appears with options appropriate for the hotspot.
Step 3
Select one of the options by left-clicking the name of the option.
If you are using the access control policy editor or NAT policy editor, the rule is modified. Otherwise, a 
new browser window opens based on the option you selected.