Cisco Cisco Firepower Management Center 4000
3-2
FireSIGHT System User Guide
Chapter 3 Using Dashboards
Note that the data displayed depends on such factors as how you license and deploy your managed
devices, whether you configure features that provide the data and, in the case of Series 2 appliances,
whether the appliance supports a feature that provides the data. For example, because neither the DC500
Defense Center nor Series 2 devices support URL filtering by category and reputation, the DC500
Defense Center does not display data for this feature and Series 2 devices do not detect this data.
devices, whether you configure features that provide the data and, in the case of Series 2 appliances,
whether the appliance supports a feature that provides the data. For example, because neither the DC500
Defense Center nor Series 2 devices support URL filtering by category and reputation, the DC500
Defense Center does not display data for this feature and Series 2 devices do not detect this data.
In addition to the Summary Dashboard, the Defense Center is delivered with the following predefined
dashboards:
dashboards:
•
The Application Statistics dashboard provides detailed information about application activity and
intrusion events on your monitored network. You can use this dashboard to track which applications
produce the most traffic, allowed and denied connections, and intrusion events, as well as the
number of unique applications in use and the estimated risk and business relevance of those
applications.
intrusion events on your monitored network. You can use this dashboard to track which applications
produce the most traffic, allowed and denied connections, and intrusion events, as well as the
number of unique applications in use and the estimated risk and business relevance of those
applications.
•
The Connection Summary dashboard uses connection data to create tables and charts of the activity
on your monitored network. You can use this dashboard to track the ports, applications, and initiator
and responder IPs associated with connections and traffic on your network, the overall volume of
connections and traffic, and geolocation information. You must log connections for this dashboard
to generate data; see
on your monitored network. You can use this dashboard to track the ports, applications, and initiator
and responder IPs associated with connections and traffic on your network, the overall volume of
connections and traffic, and geolocation information. You must log connections for this dashboard
to generate data; see
. Note that the output of this widget
depends on your connection logging configuration.
Tip
Widgets on this dashboard list total traffic in kilobytes (KB). The total traffic in KB is equal to the traffic
in KB/s multiplied by the total seconds covered by the selected time window.
in KB/s multiplied by the total seconds covered by the selected time window.
•
The Detailed Dashboard provides advanced users with detailed information about their FireSIGHT
System deployment and includes multiple widgets that summarize collected intrusion event,
network discovery, compliance, correlation, traffic, and system status data, as well as providing
information about Cisco news and product updates. You can use this dashboard to monitor a very
broad variety of network information at once.
System deployment and includes multiple widgets that summarize collected intrusion event,
network discovery, compliance, correlation, traffic, and system status data, as well as providing
information about Cisco news and product updates. You can use this dashboard to monitor a very
broad variety of network information at once.
•
The Files Dashboard provides detailed information about the files (including malware files) detected
on your network by managed devices, captured files stored on devices and submitted for dynamic
analysis, and malware detected using a subscription-based FireAMP strategy. Note that you must
have a Malware license and enable malware detection for this dashboard to include network-based
malware data. Also, neither the DC500 nor Series 2 devices support advanced malware detection,
so the DC500 cannot display this data and Series 2 devices do not detect it. For more information,
see
on your network by managed devices, captured files stored on devices and submitted for dynamic
analysis, and malware detected using a subscription-based FireAMP strategy. Note that you must
have a Malware license and enable malware detection for this dashboard to include network-based
malware data. Also, neither the DC500 nor Series 2 devices support advanced malware detection,
so the DC500 cannot display this data and Series 2 devices do not detect it. For more information,
see
•
The URL Statistics dashboard provides detailed information about allowed and denied traffic from
your monitored network to external URLs, sorted by URL category and reputation. Note that you
must have a URL Filtering license and enable URL Filtering for this dashboard to include URL
category and reputation data. Note also that neither the DC500 nor Series 2 devices support URL
filtering by reputation and category, so the DC500 cannot display this data and Series 2 devices do
not detect it. See
your monitored network to external URLs, sorted by URL category and reputation. Note that you
must have a URL Filtering license and enable URL Filtering for this dashboard to include URL
category and reputation data. Note also that neither the DC500 nor Series 2 devices support URL
filtering by reputation and category, so the DC500 cannot display this data and Series 2 devices do
not detect it. See
•
The User Statistics dashboard provides detailed information about user activity and intrusion events
on your monitored network. You can use this dashboard to track allowed and denied connections,
traffic, and intrusion events associated with users on your network, as well as the number of unique
users on the network. Because this dashboard depends on user awareness data, for this dashboard to
display meaningful statistics you must configure at least one User Agent and a Defense
Center-Active Directory LDAP server connection; see
on your monitored network. You can use this dashboard to track allowed and denied connections,
traffic, and intrusion events associated with users on your network, as well as the number of unique
users on the network. Because this dashboard depends on user awareness data, for this dashboard to
display meaningful statistics you must configure at least one User Agent and a Defense
Center-Active Directory LDAP server connection; see