18-38
FireSIGHT System User Guide
 
Chapter 18      Working with Intrusion Events 
  Searching for Intrusion Events
For more information, see 
.
Note that the Snort ID column does not appear in search results; the SID of the events you are 
viewing is listed in the Message column.
Source User
Specify the User ID for a user logged in to the source host.
Destination User
Specify the User ID for a user logged in to the destination host.
Source/Destination User
Specify the User ID for a user logged in to the source or destination host.
Application Protocol
Type the name of the application protocol, which represents communications between hosts, 
detected in the traffic that triggered the intrusion event.
Client
Type the name of the client application, which represents software running on the monitored host, detected in the traffic that triggered the intrusion event.
Web Application
Type the name of the web application, which represents the content or requested URL for HTTP 
traffic detected in the traffic that triggered the intrusion event.
Category, Tag (Application Protocol, Client, Web Application)
Type a category or tag associated with the application detected in the session. Use commas to separate multiple categories or tags. These fields are case-insensitive.
Application Risk
Type the highest risk associated with the application detected in the session. Valid criteria are: Very High, High, Medium, Low, and Very Low. These fields are case-insensitive.
Business Relevance
Type the lowest business relevance associated with an application detected in the session. Valid criteria are: Very High, High, Medium, Low, and Very Low. These fields are case-insensitive.
Table 18-7    Snort ID Search Values (continued)

Value                                                       Example
greater than or equal to a SID                              >=10000
less than a SID                                             <10000
less than or equal to a SID                                 <=10000
a comma-separated list of SIDs                              10000,11000,12000
a single GID:SID combination                                1:10000
a comma-separated list of GID:SID combinations              1:10000,1:11000,1:12000
a comma-separated list of SIDs and GID:SID combinations     10000,1:11000,12000
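The Snort ID search values in Table 18-7 form a small query syntax: SID range operators, bare SIDs, GID:SID pairs, and comma-separated lists of either. The following is an added Python example, not Cisco's code and not the FireSIGHT implementation, that parses such a value into a predicate and applies it to a constructed set of intrusion events so the effect of each form can be checked. Because the table is continued from a previous page, the example covers the visible forms and, as assumptions, also accepts a plain ">" operator and treats the range operators as comparing the SID regardless of GID; the sample events and the IntrusionEvent type are constructed for this example.

```python
import re
from dataclasses import dataclass
from typing import Callable, Iterable

# Constructed sample events (not from the guide). Each intrusion event carries
# a Snort generator ID (gid) and signature ID (sid), shown as "gid:sid".
@dataclass(frozen=True)
class IntrusionEvent:
    gid: int
    sid: int
    message: str

SAMPLE_EVENTS = [
    IntrusionEvent(1, 9999, "constructed rule event 1:9999"),
    IntrusionEvent(1, 10000, "constructed rule event 1:10000"),
    IntrusionEvent(1, 11000, "constructed rule event 1:11000"),
    IntrusionEvent(3, 12000, "constructed rule event 3:12000"),
    IntrusionEvent(1, 12000, "constructed rule event 1:12000"),
    IntrusionEvent(129, 15, "constructed preprocessor event 129:15"),
]

# Grammar of one comma-separated term, per Table 18-7.
_RANGE_RE = re.compile(r"^(>=|<=|<|>)(\d+)$")   # ">" is an assumption here
_GID_SID_RE = re.compile(r"^(\d+):(\d+)$")
_SID_RE = re.compile(r"^\d+$")

Predicate = Callable[[IntrusionEvent], bool]


def _parse_term(term: str) -> Predicate:
    """Turn one search term into a predicate over an IntrusionEvent."""
    term = term.strip()
    m = _RANGE_RE.match(term)
    if m:
        op, n = m.group(1), int(m.group(2))
        # Assumption: range operators compare the SID only; any GID matches.
        ops = {
            ">=": lambda e: e.sid >= n,
            "<=": lambda e: e.sid <= n,
            "<": lambda e: e.sid < n,
            ">": lambda e: e.sid > n,
        }
        return ops[op]
    m = _GID_SID_RE.match(term)
    if m:
        gid, sid = int(m.group(1)), int(m.group(2))
        # GID:SID must match both halves exactly.
        return lambda e: e.gid == gid and e.sid == sid
    if _SID_RE.match(term):
        sid = int(term)
        # A bare SID matches that SID under any GID.
        return lambda e: e.sid == sid
    raise ValueError(f"unrecognised Snort ID search term: {term!r}")


def parse_snort_id_search(value: str) -> Predicate:
    """Parse a whole search value such as '10000,1:11000,12000'.

    Comma-separated terms are alternatives: an event matches the search
    when any one term matches it.
    """
    terms = [t for t in value.split(",") if t.strip()]
    if not terms:
        raise ValueError("empty Snort ID search value")
    preds = [_parse_term(t) for t in terms]
    return lambda e: any(p(e) for p in preds)


def search(value: str, events: Iterable[IntrusionEvent]) -> list[str]:
    """Return the 'gid:sid' labels of the events matching the search value."""
    pred = parse_snort_id_search(value)
    return [f"{e.gid}:{e.sid}" for e in events if pred(e)]


if __name__ == "__main__":
    for v in (">=10000", "<10000", "<=10000", "10000,11000,12000",
              "1:10000", "1:10000,1:11000,1:12000", "10000,1:11000,12000"):
        print(f"{v:28} -> {search(v, SAMPLE_EVENTS)}")
```

Running the block prints the matching events for each example value from the table; note that "1:10000,1:11000,1:12000" excludes the GID 3 event that the bare-SID list "10000,11000,12000" includes, which is the practical difference between the two list forms.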