Cisco Cisco FirePOWER Appliance 8360

Page of 1844
 
4-39
FireSIGHT System User Guide
 
Chapter 4      Using the Context Explorer
  Working with Filters in the Context Explorer
To clear all filters:
Access: 
Admin/Any Security Analyst
Step 1
Click the 
Clear
 button that appears to the right of the filter widgets.
All filters are cleared.
Note that this button does not appear if no filters have been created.
Creating Filters with the Context Menu
License: 
FireSIGHT
While exploring Context Explorer graph and list data, you can click on data points, then use the context 
menu to quickly create a filter based on that data, either inclusive or exclusive. If you use the context 
menu to filter on information of data type Application, User, or Intrusion Event Message, or any 
individual host, the filter widget includes a widget information icon that links to the relevant detail page 
for that data type (such as Application Detail for application data). Note that you cannot filter on URL 
data.
You can also use the context menu to investigate specific graph or list data in more detail. For 
information, see 
To create a filter from the context menu:
Access: 
Admin/Any Security Analyst
Step 1
Select 
Analysis > Context Explorer
.
The Context Explorer appears.
Step 2
In any explorer section except Traffic and Intrusion Events over Time or sections that contain URL data, 
click a data point you want to filter on.
The context menu pop-up window appears nearby.
Step 3
You have two options:
  •
To add a filter for this data, click 
Add Filter
.
The filter is added and its widget appears at upper left.
  •
To add an exclusion filter for this data, click 
Add Exclude Filter
. The filter, when applied, displays all 
data not associated with the excluded value.
The filter is added and its widget appears at upper left. Exclude filters display an exclamation point 
before the filter value.
To view filter detail:
Access: 
Admin/Any Security Analyst
Step 1
Click the information icon (
) on any eligible filter widget.