Cisco Firepower Management Center 4000

34-26
FireSIGHT System User Guide
Chapter 34    Analyzing Malware and File Activity
Working with Captured Files
Searching for Captured Files
License: Malware
Using the Defense Center’s Search page, you can search for specific captured files, display the results 
in the event viewer, and save your search criteria to reuse later. Custom Analysis dashboard widgets, 
report templates, and custom user roles can also use saved searches.
Keep in mind that your search results depend on the available data in the events you are searching. In 
other words, depending on the available data, your search constraints may not apply. For example, if a 
file has never been submitted for dynamic analysis, it may not have an associated threat score.
Note that because the DC500 does not support geolocation, searches using these fields from a DC500 
return no results.
General Search Syntax
The system displays examples of valid syntax next to each search field. When entering search criteria, 
keep the following points in mind:
  • All fields accept negation (!).
  • All fields accept comma-separated lists. If you enter multiple criteria, the search returns only the 
records that match all the criteria.
  • Many fields accept one or more asterisks (*) as wild cards.
  • Specify n/a in any field to identify events where information is not available for that field; use !n/a 
to identify the events where that field is populated.
  • Click the add object icon that appears next to a search field to use an object as a search 
criterion.
For detailed information on search syntax, including using objects in searches, see 
.
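The following is an added example, not code from the FireSIGHT System or Cisco: a small Python matcher that applies the general search syntax above (negation with !, comma-separated lists, * wild cards, and n/a / !n/a for fields with no data) to a constructed set of captured-file records. It treats constraints on different fields as all having to hold, as the guide states. Two points the guide leaves open are assumptions of this example: a comma-separated list within one field is treated as a set of alternatives, and matching is case-insensitive. The field names and record values are constructed for illustration, and a None value stands for a field with no data, such as the threat score of a file that was never submitted for dynamic analysis.

```python
import re

# Constructed sample captured-file records; not data from the guide. A value of
# None means the field holds no data, e.g. threat_score for a file that was never
# submitted for dynamic analysis, or country for a file with no geolocation.
SAMPLE_FILES = [
    {"file_name": "invoice.pdf", "disposition": "Malware", "threat_score": 85, "country": "US"},
    {"file_name": "setup.exe", "disposition": "Malware", "threat_score": None, "country": "DE"},
    {"file_name": "notes.txt", "disposition": "Clean", "threat_score": None, "country": "US"},
    {"file_name": "report.docx", "disposition": "Unknown", "threat_score": 12, "country": None},
]


def _token_matches(token, value):
    """Match one search token against one field value.

    'n/a' matches only a field with no data. Otherwise the token is matched
    literally against the value, with '*' as the only wild card (each '*'
    stands for any run of characters). Matching is case-insensitive here; the
    guide does not state case rules, so that is an assumption of this example.
    """
    if token.lower() == "n/a":
        return value is None
    if value is None:
        return False
    pattern = ".*".join(re.escape(part) for part in token.split("*"))
    return re.fullmatch(pattern, str(value), re.IGNORECASE) is not None


def field_matches(criterion, value):
    """Evaluate the text typed into one search field against one field value.

    The text is split on commas into tokens; a token prefixed with '!' is a
    negation. The record passes the field when no negated token matches and,
    if any positive tokens were given, at least one of them matches (treating
    a comma list as alternatives within a field is an assumption here).
    """
    include, exclude = [], []
    for token in (t.strip() for t in criterion.split(",")):
        if not token:
            continue
        if token.startswith("!"):
            exclude.append(token[1:].strip())
        else:
            include.append(token)
    if any(_token_matches(t, value) for t in exclude):
        return False
    return not include or any(_token_matches(t, value) for t in include)


def search(records, criteria):
    """Return the records that satisfy every field constraint in `criteria`.

    `criteria` maps a field name to the search text for that field; a record
    must match all fields, matching the guide's statement that multiple
    criteria return only records that match all of them. A field absent
    from a record is treated as having no data.
    """
    return [r for r in records
            if all(field_matches(text, r.get(field)) for field, text in criteria.items())]


def matching_names(criteria, records=SAMPLE_FILES):
    """Convenience wrapper: the file names a search returns, in record order."""
    return [r["file_name"] for r in search(records, criteria)]


if __name__ == "__main__":
    # Files with no threat score (never submitted for dynamic analysis)
    print(matching_names({"threat_score": "n/a"}))
    # Malware files whose source country is populated and is not US
    print(matching_names({"disposition": "Malware", "country": "!n/a,!US"}))
```

The n/a handling is where the guide's caveat about available data shows up in practice: a constraint such as threat_score "8*" silently drops records that have no threat score at all, so a search that is meant to cover unanalyzed files must say so explicitly with n/a.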
Special Search Syntax for Captured Files
To supplement the general search syntax listed above, the following table describes some special search 
syntax for captured files.