Cisco Firepower Management Center 4000
FireSIGHT System User Guide

Chapter 34      Analyzing Malware and File Activity
  Working with Captured Files
To search for captured files:

Access: Admin/Any Security Analyst

Step 1  Select Analysis > Search.
        The Search page appears.

Step 2  From the Table drop-down list, select Captured Files.
        The page reloads with the appropriate constraints.

Step 3  Optionally, if you want to save the search, enter a name for the search in the Name field.
        If you do not enter a name, one is created automatically when you save the search.

Step 4  Enter your search criteria in the appropriate fields.
        See the table for information on the fields in the captured files table.

Step 5  If you want to save the search so that other users can access it, clear the Save As Private check box. Otherwise, leave the check box selected to save the search as private.
        If you want to use the search as a data restriction for a custom user role, you must save it as a private search.

Step 6  You have the following options:
        • Click Search to start the search.
          Your search results appear in your default captured file workflow, constrained by the current time range.
        • Click Save if you are modifying an existing search and want to save your changes.
Table 34-7      Captured Files Special Search Syntax

Search Criterion          Special Syntax
Storage Status            Specify one or more of the following:
                          • File Stored - returns all captured files stored on the device
                          • Unable to Store File - returns all captured files not stored on the device
Dynamic Analysis Status   Specify one or more of the following:
                          • Sent for Analysis - returns all captured files queued for dynamic analysis
                          • Not Sent for Analysis - returns all captured files not submitted for dynamic analysis
                          • Analysis Complete - returns all captured files submitted for dynamic analysis that received a threat score and dynamic analysis summary report
                          • Previously Analyzed - returns all files with a cached threat score that a user tried to submit for dynamic analysis again
                          • Failure (Analysis Timeout) - returns all captured files submitted for dynamic analysis for which the cloud has yet to return a result
                          • Failure (Network Issue) - returns all files that did not get submitted for dynamic analysis due to a network connectivity failure
                          • Failure (Cannot Run File) - returns all files submitted for dynamic analysis that the cloud could not run in the test environment
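The search procedure above and the Table 34-7 statuses are what an analyst uses to find files that slipped past dynamic analysis: a file that was never sent (or failed on a network error) and could not be stored leaves nothing to resubmit, while a stored file can be sent again. The following Python script, an added example that is not Cisco's code and not part of the guide, applies the two Table 34-7 criteria to a captured-files search result exported as CSV and splits the never-analyzed files into those you can resubmit and those that are now blind spots. The column names, file names, hash placeholders and sample rows are constructed for this example, and the matching semantics are an assumption drawn from the table's "specify one or more" wording: values chosen within one criterion are ORed, and the criteria are ANDed.

```python
import csv
import io
from collections import Counter

# Constructed sample of a captured-files search result exported as CSV.
# The column names, file names and hash placeholders are assumptions for
# this example; the status values are the ones listed in Table 34-7.
SAMPLE_EXPORT = """\
Time,File Name,SHA256,Storage Status,Dynamic Analysis Status
2014-05-01 10:01:02,invoice.pdf,sha-0001,File Stored,Analysis Complete
2014-05-01 10:04:17,setup.exe,sha-0002,File Stored,Failure (Network Issue)
2014-05-01 10:09:44,report.doc,sha-0003,Unable to Store File,Not Sent for Analysis
2014-05-01 10:12:05,tool.exe,sha-0004,File Stored,Previously Analyzed
2014-05-01 10:15:30,pkg.msi,sha-0005,Unable to Store File,Failure (Cannot Run File)
2014-05-01 10:20:11,update.exe,sha-0006,File Stored,Sent for Analysis
2014-05-01 10:22:58,macro.xls,sha-0007,File Stored,Failure (Analysis Timeout)
"""

# Table 34-7 statuses grouped by what they tell you about sandbox coverage.
HAS_VERDICT = {"Analysis Complete", "Previously Analyzed"}
STILL_PENDING = {"Sent for Analysis", "Failure (Analysis Timeout)"}
NEVER_RAN = {"Not Sent for Analysis", "Failure (Network Issue)", "Failure (Cannot Run File)"}

STORED = "File Stored"
NOT_STORED = "Unable to Store File"


def parse_export(text):
    """Parse the CSV export into a list of dict rows keyed by column header."""
    return list(csv.DictReader(io.StringIO(text)))


def search(rows, storage=None, dynamic=None):
    """Apply the two Table 34-7 criteria to the rows.

    Assumed semantics, matching the table's "specify one or more": the
    values chosen within one criterion are ORed, the criteria themselves
    are ANDed, and an unset criterion (None) matches everything.
    """
    hits = []
    for row in rows:
        if storage is not None and row["Storage Status"] not in storage:
            continue
        if dynamic is not None and row["Dynamic Analysis Status"] not in dynamic:
            continue
        hits.append(row)
    return hits


def resubmit_candidates(rows):
    """Files the sandbox never ran but the device still holds a copy of.

    These can be submitted for dynamic analysis again; a resubmission of a
    file that already has a cached score comes back as "Previously Analyzed".
    """
    return [r["File Name"] for r in search(rows, storage={STORED}, dynamic=NEVER_RAN)]


def blind_spots(rows):
    """Files the sandbox never ran and the device could not store.

    Nothing is left to resubmit, so the SHA-256 is the only pivot left for
    correlating the file with other detections.
    """
    return [r["File Name"] for r in search(rows, storage={NOT_STORED}, dynamic=NEVER_RAN)]


def status_counts(rows):
    """Count rows per Dynamic Analysis Status for a quick coverage picture."""
    return Counter(r["Dynamic Analysis Status"] for r in rows)


ROWS = parse_export(SAMPLE_EXPORT)

if __name__ == "__main__":
    for status, n in sorted(status_counts(ROWS).items()):
        print(f"{n:3d}  {status}")
    print("resubmit:", resubmit_candidates(ROWS))
    print("blind spots:", blind_spots(ROWS))
```

Run against a real export, replace SAMPLE_EXPORT with the file's contents and check the header row first: the grouping only works if the status strings match the Table 34-7 wording exactly, so a renamed column or a localized status value will silently match nothing.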