Cisco Cisco FirePOWER Appliance 8250
C H A P T E R
45-1
FireSIGHT System User Guide
45
Searching for Events
Cisco appliances generate information that is stored as events in database tables. Events contain multiple
fields that describe the activity that caused the appliance to generate the event.
fields that describe the activity that caused the appliance to generate the event.
The FireSIGHT System provides predefined searches that serve as examples and can provide quick
access to important information about your network. You can modify fields within the predefined
searches for your network environment, then save the searches to reuse later. You can also use your own
search criteria.
access to important information about your network. You can modify fields within the predefined
searches for your network environment, then save the searches to reuse later. You can also use your own
search criteria.
The search criteria you can use depends on the type of search, but the mechanics are the same. See the
following sections for more information on how to perform a search and on the correct syntax to use in
search fields:
following sections for more information on how to perform a search and on the correct syntax to use in
search fields:
•
•
•
•
•
•
•
Performing and Saving Searches
License:
Any
You can create and save searches for any of the different event types. When you create a search you give
it a name and specify whether the search will be available to you alone or to all users of the appliance.
If you want to use the search as a data restriction for a custom user role, you must save it as a private
search.
it a name and specify whether the search will be available to you alone or to all users of the appliance.
If you want to use the search as a data restriction for a custom user role, you must save it as a private
search.
For more information, see the following sections:
•
•
•