Cisco Cisco FirePOWER Appliance 8250
FireSIGHT System User Guide
Chapter 3 Using Dashboards
Understanding the Predefined Widgets
• click the host icon or compromised host icon next to any IP address to view the host profile for the associated machine; see (Defense Center with network discovery only)
• click any IP address or access time to view the audit log constrained by that IP address and by the time that the user associated with that IP address logged on to the web interface; see
The widget preferences control how often the widget updates. For more information, see .
Understanding the Custom Analysis Widget
License: Any
The Custom Analysis widget is a highly customizable widget that allows you to display detailed information on the events collected and generated by the FireSIGHT System.
The Custom Analysis widget is delivered with numerous widget presets, which are groups of configurations that are predefined by Cisco. The presets serve as examples and can provide quick access to information about your deployment. You can use these presets or create a custom configuration.
When you configure the widget preferences, you must select which table and individual field you want to display, as well as the aggregation method that configures how the widget groups the data it displays.
For example, you can configure the Custom Analysis widget to display a list of recent intrusion events by configuring the widget to display data from the Intrusion Events table. Selecting the Classification field and aggregating this data by Count tells you how many events of each type were generated. Note that the count includes reviewed events for intrusion events; if you view the count in an event viewer it will not include reviewed events.
On the other hand, aggregating by Unique Events tells you how many unique intrusion events of each type have occurred (for example, how many detections of network trojans, potential violations of corporate policy, attempted denial-of-service attacks, and so on).