Cisco Cisco FirePOWER Appliance 8250
58-5
FireSIGHT System User Guide
Chapter 58 Specifying User Preferences
Configuring Event View Settings
•
The
Show Zip File Password
check box toggles displaying plain text or obfuscated characters in the
Zip File Password
field. When this field is cleared, the
Zip File Password
displays obfuscated characters.
Default Time Windows
License:
Any
The time window, sometimes called the time range, imposes a time constraint on the events in any event
view. Use the Default Time Windows section of the Event View Settings page to control the default
behavior of the time window.
view. Use the Default Time Windows section of the Event View Settings page to control the default
behavior of the time window.
User role access to this section is as follows:
•
Administrators and Maintenance Users can access the full section.
•
Security Analysts and Security Analysts (Read Only) can access all options except
Audit Log Time
Window
.
•
Access Admins, Discovery Admins, External Database Users, Intrusion Admins, Network Admins,
and Security Approvers can access only the
and Security Approvers can access only the
Events Time Window
option.
Note that, regardless of the default time window setting, you can always manually change the time
window for individual event views during your event analysis. Also, keep in mind that time window
settings are valid for only the current session. When you log out and then log back in, time windows are
reset to the defaults you configured on this page. For more information, see
window for individual event views during your event analysis. Also, keep in mind that time window
settings are valid for only the current session. When you log out and then log back in, time windows are
reset to the defaults you configured on this page. For more information, see
.
There are three types of events for which you can set the default time window:
•
The
Events Time Window
sets a single default time window for most events that can be constrained by
time.
•
The
Audit Log Time Window
sets the default time window for the audit log.
•
The
Health Monitoring Time Window
sets the default time window for health events.
You can only set time windows for event types your user account can access. All user types can set event
time windows. Administrators, Maintenance Users, and Security Analysts can set health monitoring time
windows. Administrators and Maintenance Users can set audit log time windows.
time windows. Administrators, Maintenance Users, and Security Analysts can set health monitoring time
windows. Administrators and Maintenance Users can set audit log time windows.
Note that because not all event views can be constrained by time, time window settings have no effect
on event views that display hosts, host attributes, applications, clients, vulnerabilities, user identity, or
white list violations.
on event views that display hosts, host attributes, applications, clients, vulnerabilities, user identity, or
white list violations.
You can either use
Multiple
time windows, one for each of these types of events, or you can use a
Single
time window that applies to all events. If you use a single time window, the settings for the three types
of time window disappear and a new
of time window disappear and a new
Global Time Window
setting appears.
There are three types of time window:
•
static, which displays all the events generated from a specific start time to a specific end time
•
expanding, which displays all the events generated from a specific start time to the present; as time
moves forward, the time window expands and new events are added to the event view
moves forward, the time window expands and new events are added to the event view
•
sliding, which displays all the events generated from a specific start time (for example, one day ago)
to the present; as time moves forward, the time window “slides” so that you see only the events for
the range you configured (in this example, for the last day)
to the present; as time moves forward, the time window “slides” so that you see only the events for
the range you configured (in this example, for the last day)
The maximum time range for all time windows is from midnight on January 1, 1970 (UTC) to 3:14:07
AM on January 19, 2038 (UTC).
AM on January 19, 2038 (UTC).
The following options appear in the
Time Window Settings
drop-down list: