Cisco Cisco Firepower Management Center 4000
3-15
FireSIGHT System User Guide
Chapter 3 Using Dashboards
Understanding the Predefined Widgets
The following table describes the available presets for the Custom Analysis widget. It also indicates
which, if any, Defense Center predefined dashboard uses each preset. Note the following:
which, if any, Defense Center predefined dashboard uses each preset. Note the following:
•
Predefined dashboards on managed devices do not include Custom Analysis widgets.
•
The DC500 Defense Center does not display and Series 2 devices do not detect data for features they
do not support. See
do not support. See
for a
summary of Series 2 appliance features.
For more information on specific license types, see
.
Field
the specific field of the event type you want to display.
Tip
To display a graph over time, select
Time
.
Aggregate
the aggregation method for the widget.
The aggregation method configures how the widget groups the data it displays.
For most event types, the default aggregation criterion is
For most event types, the default aggregation criterion is
Count
.
Filter
a user-defined application filter that you want to use to further constrain the data
that the widget displays.
that the widget displays.
You can only use application filters if you are displaying data from the
Application Statistics or Intrusion Event Statistics by Application tables. For
more information on application filters, see
Application Statistics or Intrusion Event Statistics by Application tables. For
more information on application filters, see
Search
the saved search you want to use to further constrain the data that the widget
displays.
displays.
You do not have to specify a search, although some presets use predefined
searches.
searches.
If you create a saved connection event search that uses data in fields without an
asterisk (*), the widget displays incorrect data. Only fields that constrain
connection summaries can constrain custom analysis dashboard widgets based on
connection events. Invalid searches are grayed out and cannot be selected.
asterisk (*), the widget displays incorrect data. Only fields that constrain
connection summaries can constrain custom analysis dashboard widgets based on
connection events. Invalid searches are grayed out and cannot be selected.
Show
whether you want to display the most frequently occurring events (
Top
) or the least
frequently occurring events (
Bottom
).
Results
the number of result rows you want to display.
You can display from 10 to 25 result rows, in increments of five.
Show Movers
whether you want to display the icons that indicate changes from the most recent
results.
results.
Time Zone
which time zone you want to use to display results.
The time zone appears whenever you select a time-based field.
Color
the color of the bars in the widget background that show the relative number of
occurrences of each result.
occurrences of each result.
Table 3-4
Custom Analysis Widget Preferences (continued)
Use this
preference...
preference...
To control...