Cisco FirePOWER Appliance 8360
FireSIGHT System User Guide
Chapter 4 Using the Context Explorer
Understanding the Context Explorer
Hover your pointer over any part of the graph to view more detailed information. Click any part of the
graph to filter or drill down on that information.
Tip
To constrain the graph so it displays only traffic by egress security zone, hover your pointer over the
graph, then click Egress on the toggle button that appears. Click Ingress to return to the default view.
Note that navigating away from the Context Explorer also returns the graph to the default Ingress view.
This graph draws data primarily from the Intrusion Events table.
You can configure this graph to display either ingress (the default) or egress security zone information,
according to your needs.
Viewing the Intrusion Event Details List
License: Protection
At the bottom of the Intrusion Information section is the Intrusion Event Details List, a table that
provides classification, estimated priority, and event count information for each intrusion event detected
on your monitored network. The events are listed in descending order of event count.
The Intrusion Event Details List table is not sortable, but you can click on any table entry to filter or drill
down on that information. This table draws data primarily from the Intrusion Events table.
Understanding the Files Information Section
License: Protection or Malware
Supported Devices: feature dependent
Supported Defense Centers: feature dependent
The Files Information section of the Context Explorer contains six interactive graphs that display an
overall picture of file and malware events on your monitored network. Five of the graphs display the file
types, file names, and malware dispositions of the files detected in network traffic, as well as the hosts
sending (uploading) and receiving (downloading) those files. The final graph displays the malware
threats detected on your network and, if you have a FireAMP subscription, on the endpoints where your
users installed FireAMP Connectors.
Note
If you filter on intrusion information, the entire Files Information Section is hidden.
Note that you must have a Malware license and enable malware detection for Files Information graphs
to include network-based malware data. Note also that neither the DC500 Defense Center nor Series 2
devices support advanced malware detection, so the DC500 Defense Center cannot display this data and
Series 2 devices do not detect it. See
.
For more information on the graphs in the Files Information section, see the following topics:
•
•
•
•
•