Cisco Cisco Firepower Management Center 4000

Admin/Any Security Analyst/Discovery Admin 

Select 

.

The first page of the default white list events workflow appears. To use a different workflow, including 
a custom workflow, click 

.by the workflow title. For information on specifying a 

different default workflow, see 

. If no events appear, you 

may need to adjust the time range; see 

.

FireSIGHT

You can use the correlation policy feature to build correlation policies that let the system respond in real 
time to threats on your network. Correlation policies describe the type of activity that constitutes a policy 
violation, which include compliance white list violations. For more information on correlation policies, 
see 

drill down to the next page in the 
workflow, constraining on a specific 
value

use one of the following methods:

on a drill-down page that you created in a custom workflow, click a value within 
a row. Note that clicking a value within a row in a table view constrains the table 
view and does not drill down to the next page.

To drill down to the next workflow page constraining on some users, select the 
check boxes next to the users you want to view on the next workflow page, then 
click 

.

To drill down to the next workflow page keeping the current constraints, click 

.

Table views always include “Table View” in the page name.

For more information, see 

delete white list events from the 
system

use one of the following methods:

To delete some events, select the check boxes next to the events you want to 
delete, then click 

.

To delete all events in the current constrained view, click 

, then confirm 

you want to delete all the events.

navigate to other event views to view 
associated events

find more information in 

.