Cisco Cisco Firepower Management Center 4000

For detailed information on search syntax, including using objects in searches, see 

.

To supplement the general search syntax listed above, the following table describes some special search 
syntax for file events.

Admin/Any Security Analyst 

Select 

.

The Search page appears.

From the 

 drop-down list, select 

.

The page reloads with the appropriate constraints.

Optionally, if you want to save the search, enter a name for the search in the 

 field.

If you do not enter a name, one is created automatically when you save the search.

Enter your search criteria in the appropriate fields.

See the 

 table for information on the fields in the file events table.

If you want to save the search so that other users can access it, clear the 

 check box. 

Otherwise, leave the check box selected to save the search as private.

If you want to use the search as a data restriction for a custom user role, you must save it as a private 
search.

You have the following options:

Click 

 to start the search.

Sending/Receiving Continent The system returns all events where either the 

 or the 

 matches the continent you specify.

Sending/Receiving Country

The system returns all events where either the 

 or the 

 matches the country you specify.

Sending/Receiving IP

The system returns all events where either the 

 or the 

 matches the IP address you specify.

URI or Message

The system performs a partial match, that is, you can search for all or 
part of the field contents without using asterisks.

File Storage

Specify one or more of the following:

Stored

 - returns all events where the associated file is currently 

stored

Stored in connection

 - returns all events where the system 

captured and stored the associated file, regardless of whether the 
associated file is currently stored

Failed

 - returns all events where the system failed to store the 

associated file