Cisco Firepower Management Center 4000

 
18-34
FireSIGHT System User Guide
 
Chapter 18      Working with Intrusion Events 
  Using Impact Levels to Evaluate Events
To use the impact level on the table view to evaluate events:

Access: Admin/Intrusion Admin

Step 1  Select Analysis > Intrusions > Events.
        The first page of the default intrusion events workflow appears. For information on specifying a different default workflow, see . If no events appear, you may need to adjust the time range; see .

Step 2  Constrain the event view to view only those events that you want to evaluate.
        For more information, see

Step 3  At the top of the page, click Table View of Events.
        The table view of events appears. Impact can have any of the values described in the Impact Levels table.

Step 4  To sort the table by impact level, click Impact.
        The events are sorted by impact level.

Table 18-6  Impact Levels
(columns: Impact Level, Vulnerability, Color, Description)

Vulnerability: Unknown
Color: gray
Description: Neither the source nor the destination host is on a network that is monitored by network discovery.

Vulnerability: Vulnerable
Color: red
Description: Either:
  • the source or the destination host is in the network map, and a vulnerability is mapped to the host
  • the source or destination host is potentially compromised by a virus, trojan, or other piece of malicious software; see  for more information

Vulnerability: Potentially Vulnerable
Color: orange
Description: Either the source or the destination host is in the network map and one of the following is true:
  • for port-oriented traffic, the port is running a server application protocol
  • for non-port-oriented traffic, the host uses the protocol

Vulnerability: Currently Not Vulnerable
Color: yellow
Description: Either the source or the destination host is in the network map and one of the following is true:
  • for port-oriented traffic (for example, TCP or UDP), the port is not open
  • for non-port-oriented traffic (for example, ICMP), the host does not use the protocol

Vulnerability: Unknown Target
Color: blue
Description: Either the source or destination host is on a monitored network, but there is no entry for the host in the network map.
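
The rules in the Impact Levels table can be read as a decision procedure, for example to pre-sort exported events before analyst triage. The Python below is an added example, not Cisco code and not part of the guide: the Host record, the event fields, the order in which the rules are tested and the TRIAGE_ORDER ranking are assumptions of this example, and all sample data is constructed.

```python
import ipaddress
from dataclasses import dataclass, field

# Triage ranking, most urgent first (an assumption of this example).
TRIAGE_ORDER = ["Vulnerable", "Potentially Vulnerable",
                "Currently Not Vulnerable", "Unknown Target", "Unknown"]
PORT_PROTOS = {"tcp", "udp"}  # port-oriented traffic; anything else is not

@dataclass
class Host:  # hypothetical network-map entry
    services: set = field(default_factory=set)   # server ports, e.g. {("tcp", 443)}
    protocols: set = field(default_factory=set)  # non-port protocols, e.g. {"icmp"}
    flagged: bool = False  # vulnerability mapped, or potential compromise

def impact(event, monitored, network_map):
    """Return the Table 18-6 'Vulnerability' label for one event."""
    ends = [(event["src"], event["sport"]), (event["dst"], event["dport"])]
    nets = [ipaddress.ip_network(n) for n in monitored]
    if not any(ipaddress.ip_address(ip) in n for ip, _ in ends for n in nets):
        return "Unknown"            # neither host is on a monitored network
    mapped = [(network_map[ip], port) for ip, port in ends if ip in network_map]
    if not mapped:
        return "Unknown Target"     # monitored network, no network-map entry
    if any(host.flagged for host, _ in mapped):
        return "Vulnerable"
    proto = event["proto"]
    for host, port in mapped:
        hit = (proto, port) in host.services if proto in PORT_PROTOS else proto in host.protocols
        if hit:
            return "Potentially Vulnerable"
    return "Currently Not Vulnerable"

def triage(events, monitored, network_map):
    """Return (label, event) pairs sorted by TRIAGE_ORDER; ties keep input order."""
    labelled = [(impact(e, monitored, network_map), e) for e in events]
    return sorted(labelled, key=lambda pair: TRIAGE_ORDER.index(pair[0]))

# Constructed sample data (documentation address ranges only).
MONITORED = ["192.0.2.0/24"]
NETWORK_MAP = {"192.0.2.10": Host(services={("tcp", 443)}, flagged=True),
               "192.0.2.20": Host(services={("tcp", 22)}, protocols={"icmp"})}
ROWS = [(1, "192.0.2.10", "tcp", 40000, 443), (2, "192.0.2.20", "tcp", 40001, 22),
        (3, "192.0.2.20", "tcp", 40002, 8080), (4, "192.0.2.20", "icmp", None, None),
        (5, "192.0.2.99", "tcp", 40003, 80), (6, "203.0.113.5", "tcp", 40004, 80)]
EVENTS = [dict(id=i, src="198.51.100.7", dst=d, proto=p, sport=s, dport=q)
          for i, d, p, s, q in ROWS]
```

Calling triage(EVENTS, MONITORED, NETWORK_MAP) puts the event against the flagged host first and the event between two unmonitored hosts last.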