Cisco Cisco FirePOWER Appliance 8250
46-2
FireSIGHT System User Guide
Chapter 46 Using Custom Tables
Understanding Custom Tables
Understanding Possible Table Combinations
License:
FireSIGHT + Protection
When you create a custom table, you can combine fields from predefined tables that have related data.
The following table lists the predefined tables you can combine to create a new custom table. Keep in
mind that you can create a custom table that combines fields from more than two predefined custom
tables.
The following table lists the predefined tables you can combine to create a new custom table. Keep in
mind that you can create a custom table that combines fields from more than two predefined custom
tables.
Table 46-1
System-Defined Custom Tables
Table
Description
Hosts with Servers
Includes fields from the Hosts and Servers tables, providing you with
information about the detected applications running on your network,
as well as basic operating system information about the hosts running
those applications.
information about the detected applications running on your network,
as well as basic operating system information about the hosts running
those applications.
Intrusion Events with
Destination Criticality
Destination Criticality
Includes fields from the Intrusion Events table and the Hosts table,
providing you with information on the intrusion events, as well as the
host criticality of the destination host involved in each intrusion
event.
providing you with information on the intrusion events, as well as the
host criticality of the destination host involved in each intrusion
event.
Tip
Use this table to search for intrusion events involving
destination hosts with high host criticality.
destination hosts with high host criticality.
Intrusion Events with Source
Criticality
Criticality
Includes fields from the Intrusion Events table and the Hosts table,
providing you with information on the intrusion events and the host
criticality of the source host involved in each intrusion event.
providing you with information on the intrusion events and the host
criticality of the source host involved in each intrusion event.
Tip
Use this table to search for intrusion events involving source
hosts with high host criticality.
hosts with high host criticality.
Table 46-2
Custom Table Combinations
You can combine fields from...
With fields from...
Applications
•
Correlation Events
•
Intrusion Events
•
Connection Summary Data
•
Host Attributes
•
Application Details
•
Discovery Events
•
Connection Events
•
Hosts
•
Servers
•
White List Events
Correlation Events
•
Applications
•
Host Attributes
•
Hosts