Cisco Cisco FirePOWER Appliance 8250
B-1
FireSIGHT System User Guide
A P P E N D I X
B
Purging Discovery Data from the Database
You can use the Discovery Data Purge page to purge files from the network discovery and user discovery
event databases. Note that when you purge a database, the appropriate process is restarted.
event databases. Note that when you purge a database, the appropriate process is restarted.
Caution
Purging a database removes the data you specify from the Defense Center. After the data is deleted, it
cannot be recovered.
cannot be recovered.
To purge the network and user discovery database:
Access:
Admin/Any Security Analyst
Step 1
Select
System > Tools > Data Purge
.
The Data Purge page appears.
Step 2
Under
Network Discovery
, perform any or all of the following:
•
Select
Network Discovery Events
to remove all network discovery events from the database.
•
Select
Hosts
to remove all hosts and Indications of Compromise flags from the database.
•
Select
User Activity
to remove all user events from the database.
•
Select
User Identities
to remove all user login and user history data from the database.
Step 3
Under
Connections
, perform any or all of the following:
•
Select
Connection Events
to remove all connection data from the database.
•
Select
Connection Summary Events
to remove all connection summary data from the database.
•
Select
Security Intelligence Events
to remove all Security Intelligence data from the database.
Note
Selecting
Connection Events
does not remove Security Intelligence events; connections with
Security Intelligence data will still appear in the Security Intelligence event viewer.
Correspondingly, selecting
Correspondingly, selecting
Security Intelligence Events
does not remove connection events with
associated Security Intelligence data.
Step 4
Click
Purge Selected Events
.
The items are purged and the appropriate processes are restarted.