FireSIGHT System User Guide (Cisco Firepower Management Center 4000), page 34-23
Chapter 34, Analyzing Malware and File Activity: Working with Captured Files
If you do not enter a name, one is created automatically when you save the search.
Step 4 Enter your search criteria in the appropriate fields. See the table for information on the fields in the malware events table.
Step 5 If you want to save the search so that other users can access it, clear the Save As Private check box. Otherwise, leave the check box selected to save the search as private. If you want to use the search as a data restriction for a custom user role, you must save it as a private search.
Step 6 You have the following options:
  • Click Search to start the search. Your search results appear in your default malware events workflow, constrained by the current time range.
  • Click Save if you are modifying an existing search and want to save your changes.
  • Click Save as New Search to save the search criteria. The search is saved (and associated with your user account if you selected Save As Private).
Working with Captured Files
License: Malware
Supported Devices: Any except Series 2
Supported Defense Centers: Any except DC500
The system logs when a managed device captures a file detected in network traffic according to the rules in currently applied file policies. From the event viewer, you can view information associated with the captured file, such as the most recent file name associated with the SHA-256 value, the file disposition and threat score, the file storage status, and whether the file was manually submitted for dynamic analysis.

Note: Files captured by a device containing malware generate both a file event and a malware event, as malware must be detected before it is captured. For more information, see an
You can use the Defense Center's event viewer to view and search captured files, as well as submit captured files for dynamic analysis. Additionally, the Files Dashboard provides an at-a-glance view of detailed information about the files (including malware files) detected on your network, using charts and graphs.
For more information, see: