Cisco FirePOWER Appliance 8250
FireSIGHT System User Guide
Chapter 38 Working with Discovery Events
Working with Applications
Type
The type of application:
– Application Protocols represent communications between hosts.
– Client Applications represent software running on a host.
– Web Applications represent the content or requested URL for HTTP traffic.
Count
The number of events that match the information that appears in each row. Note that the Count field appears only after you apply a constraint that creates two or more identical rows.
Searching for Applications
License: FireSIGHT
You can search for hosts that are running specific clients, application protocols, or web applications. You may want to create searches customized for your network environment, then save them to reuse later.
General Search Syntax
The system displays examples of valid syntax next to each search field. When entering search criteria, keep the following points in mind:
• All fields accept negation (!).
• All fields accept comma-separated lists. If you enter multiple criteria, the search returns only the records that match all the criteria.
• Many fields accept one or more asterisks (*) as wild cards.
• For some fields, you can specify n/a or blank in the field to identify events where information is not available for that field; use !n/a or !blank to identify the events where that field is populated.
• Most fields are case-insensitive.
• IP addresses may be specified using CIDR notation. For information on entering IPv4 and IPv6 addresses in the FireSIGHT System, see .
• Click the add object icon that appears next to a search field to use an object as a search criterion.
For detailed information on search syntax, including using objects in searches, see .
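The following Python model of the rules listed above is an added illustration, not Cisco code and not part of the original guide; it shows how negation, lists, asterisks, n/a and CIDR terms combine when triaging application records. It assumes that values in a comma-separated list are alternatives within one field and that a matching negated value excludes the record, which this page does not state; the field names and sample rows are constructed.

```python
import ipaddress
import re

def term_matches(term, value):
    """Test one un-negated search term against one field value (None = not available)."""
    t = term.strip().lower()
    if t in ("n/a", "blank"):
        return value in (None, "")
    if value in (None, ""):
        return False
    v = str(value).lower()  # case-insensitive comparison
    try:
        # CIDR terms (and plain addresses) are compared as networks, not as text.
        return ipaddress.ip_address(v) in ipaddress.ip_network(t, strict=False)
    except ValueError:
        pass  # one side is not an IP address: fall through to text matching
    # Only the asterisk is a wildcard; every other character is literal.
    pattern = ".*".join(re.escape(part) for part in t.split("*"))
    return re.fullmatch(pattern, v) is not None

def field_matches(criterion, value):
    """Assumption: listed values are alternatives; a matching negated value excludes."""
    terms = [t.strip() for t in criterion.split(",") if t.strip()]
    negated = [t[1:] for t in terms if t.startswith("!")]
    positive = [t for t in terms if not t.startswith("!")]
    if any(term_matches(t, value) for t in negated):
        return False
    return not positive or any(term_matches(t, value) for t in positive)

def search(records, criteria):
    """Return the records that satisfy the criterion of every field (fields are ANDed)."""
    return [r for r in records
            if all(field_matches(c, r.get(f)) for f, c in criteria.items())]

# Constructed sample rows; the field names are hypothetical, not the product's schema.
RECORDS = [
    {"application": "HTTP", "type": "Application Protocol", "ip": "10.4.1.20", "user": "jsmith"},
    {"application": "Firefox", "type": "Client Application", "ip": "10.4.7.9", "user": None},
    {"application": "SSH", "type": "Application Protocol", "ip": "192.168.5.3", "user": "admin"},
    {"application": "Facebook", "type": "Web Application", "ip": "2001:db8::15", "user": None},
]

def names(criteria):
    """Application names of the rows matching the given per-field criteria."""
    return [r["application"] for r in search(RECORDS, criteria)]

if __name__ == "__main__":
    print(names({"type": "*protocol", "ip": "10.4.0.0/16"}))
    print(names({"user": "!n/a"}))
```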
To search for applications:
Access: Admin/Any Security Analyst
Step 1 Select Analysis > Search.
The Search page appears.
Step 2 From the Table drop-down list, select Applications.
The page reloads with the appropriate constraints.
Step 3 Optionally, if you want to save the search, enter a name for the search in the Name field.
If you do not enter a name, the Defense Center automatically creates one when you save the search.