Cisco Firepower Management Center 4000

FireSIGHT System User Guide
 
Chapter 3      Using Dashboards
  Understanding the Predefined Widgets
  • click the host icon or compromised host icon next to any IP address to view the host profile for
    the associated machine (Defense Center with network discovery only)
  • click any IP address or access time to view the audit log constrained by that IP address and by the
    time that the user associated with that IP address logged on to the web interface

The widget preferences control how often the widget updates.

Understanding the Custom Analysis Widget
License: Any
The Custom Analysis widget is a highly customizable widget that allows you to display detailed 
information on the events collected and generated by the FireSIGHT System. 
The Custom Analysis widget is delivered with numerous widget presets, which are groups of 
configurations that are predefined by Cisco. The presets serve as examples and can provide quick access 
to information about your deployment. You can use these presets or create a custom configuration.
When you configure the widget preferences, you must select which table and individual field you want 
to display, as well as the aggregation method that configures how the widget groups the data it displays.
For example, you can configure the Custom Analysis widget to display a list of recent intrusion events 
by configuring the widget to display data from the Intrusion Events table. Selecting the Classification 
field and aggregating this data by Count tells you how many events of each type were generated. Note 
that the count includes reviewed events for intrusion events; if you view the count in an event viewer 
it will not include reviewed events.
On the other hand, aggregating by Unique Events tells you how many unique intrusion events of each type 
have occurred (for example, how many detections of network trojans, potential violations of corporate 
policy, attempted denial-of-service attacks, and so on).
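
The difference between the Count and Unique Events aggregations, and the reviewed-event note above, worked through on sample data. This is an added example, not part of the Cisco guide and not how the product computes its widgets. The table layout, the sample rows, and the choice to treat the signature ID as what makes an intrusion event "unique" are assumptions made for illustration.

```python
import sqlite3

# Constructed sample rows (not real FireSIGHT data):
# (classification, signature id, reviewed flag)
SAMPLE_EVENTS = [
    ("Network Trojan", "1:1000001", 0),
    ("Network Trojan", "1:1000001", 1),
    ("Network Trojan", "1:1000002", 0),
    ("Policy Violation", "1:1000003", 0),
    ("Policy Violation", "1:1000003", 0),
    ("Policy Violation", "1:1000003", 1),
    ("Attempted DoS", "1:1000004", 1),
]


def aggregate_by_classification(events):
    """Return per-classification totals for the aggregations the text describes.

    count  : every event, reviewed or not (what the widget's Count shows)
    viewer : unreviewed events only (what an event viewer would show)
    unique : distinct signatures (assumed meaning of Unique Events)
    """
    db = sqlite3.connect(":memory:")
    # Hypothetical schema, for illustration only.
    db.execute(
        "CREATE TABLE intrusion_events "
        "(classification TEXT, signature TEXT, reviewed INTEGER)"
    )
    db.executemany("INSERT INTO intrusion_events VALUES (?, ?, ?)", events)
    rows = db.execute(
        """
        SELECT classification,
               COUNT(*)                  AS widget_count,
               SUM(reviewed = 0)         AS viewer_count,
               COUNT(DISTINCT signature) AS unique_events
        FROM intrusion_events
        GROUP BY classification
        ORDER BY widget_count DESC, classification
        """
    ).fetchall()
    db.close()
    return {c: {"count": n, "viewer": v, "unique": u} for c, n, v, u in rows}


if __name__ == "__main__":
    for name, agg in aggregate_by_classification(SAMPLE_EVENTS).items():
        print(f"{name:18} count={agg['count']} viewer={agg['viewer']} unique={agg['unique']}")
```

A gap between the widget count and the event viewer count for the same classification is explained by reviewed events, while a high count with a low unique figure means one signature is firing repeatedly.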