Cisco Cisco FirePOWER Appliance 8370
46-6
FireSIGHT System User Guide
Chapter 46 Using Custom Tables
Creating a Custom Table
If you view the table view of events for this custom table, it displays correlation events, one per row. The
following information is included:
following information is included:
•
the date and time the event was generated
•
the name of the correlation policy that was violated
•
the name of the rule that triggered the violation
•
the IP address associated with the source, or initiating, host involved in the correlation event
•
the source host’s NetBIOS name
•
the operating system and version the source host is running
•
the source host criticality
Tip
You could create a similar custom table that displays the same information for destination, or
responding, hosts.
responding, hosts.
To build the custom table in the previous example:
Access:
Admin
Step 1
Select
Analysis > Custom > Custom Tables
.