Cisco Firepower Management Center 4000

FireSIGHT System User Guide
 
Chapter 34      Analyzing Malware and File Activity 
  Working with Network File Trajectory
You can view summary information for an event by hovering your pointer over its event icon. The 
displayed summary information matches the information displayed in the Events table. The 
following screenshot shows an event icon’s summary information:
If you click any event summary information link, the first page of the File Events default workflow 
appears in a new window with all the extra events constrained based on the file type. The File Summary 
event view opens in a new window, displaying all file events that match the criteria value you clicked.
To locate the first time a file event occurred involving an IP address, click the address. This highlights a 
path to that data point, as well as any intervening file events and IP addresses related to the first file 
event. The corresponding event in the Events table is also highlighted. The map scrolls to that data point 
if not currently visible. The following screenshot shows the path highlighted after clicking an IP address:
To track a file’s progress through the network, you can click any data point to highlight a path that 
includes all data points related to the selected data point. This includes data points associated with the 
following types of events:
  • any file transfers in which the associated IP address was either sender or receiver
  • any endpoint-based malware events involving the associated IP address
  • if another IP address was involved, all file transfers in which that associated IP address was either 
    sender or receiver
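
The selection rules listed above, and the "first time a file event occurred involving an IP address" lookup, can be reproduced offline over a list of file event records. This is an added example, not Cisco code: the `FileEvent` layout, its field names, and the sample events are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class FileEvent:
    """Hypothetical record layout (assumption, not a FireSIGHT format)."""
    time: int                  # constructed timestamp
    kind: str                  # "transfer" or "endpoint_malware"
    src: str                   # sender, or the host for an endpoint event
    dst: Optional[str] = None  # receiver; None for endpoint events

    def involves(self, ip: str) -> bool:
        return ip in (self.src, self.dst)


def first_event(events: List[FileEvent], ip: str) -> Optional[FileEvent]:
    """Earliest event in which the IP address appears, or None."""
    hits = [e for e in events if e.involves(ip)]
    return min(hits, key=lambda e: e.time) if hits else None


def related_events(events: List[FileEvent], selected: FileEvent,
                   ip: str) -> List[FileEvent]:
    """Events highlighted for a selected data point, per the three rules."""
    if not selected.involves(ip):
        raise ValueError("selected event does not involve " + ip)
    # Any other IP address involved in the selected event (rule 3).
    others = {selected.src, selected.dst} - {ip, None}
    related = []
    for e in events:
        if e.involves(ip) and e.kind in ("transfer", "endpoint_malware"):
            related.append(e)            # rules 1 and 2
        elif e.kind == "transfer" and any(e.involves(o) for o in others):
            related.append(e)            # rule 3: transfers only
    return sorted(related, key=lambda e: e.time)


# Constructed sample events (private addresses, invented timestamps).
EVENTS = [
    FileEvent(100, "transfer", "10.0.0.5", "10.0.0.7"),
    FileEvent(200, "transfer", "10.0.0.7", "10.0.0.9"),
    FileEvent(250, "endpoint_malware", "10.0.0.9"),
    FileEvent(300, "transfer", "10.0.0.5", "10.0.0.8"),
    FileEvent(400, "transfer", "10.0.0.9", "10.0.0.10"),
    FileEvent(450, "endpoint_malware", "10.0.0.7"),
]

if __name__ == "__main__":
    for e in related_events(EVENTS, EVENTS[1], "10.0.0.7"):
        print(e)
```

Selecting the 10.0.0.7 data point on the second transfer leaves out the endpoint malware event on 10.0.0.9, because the third rule covers only file transfers for the other IP address.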