Cisco FirePOWER Appliance 7030
FireSIGHT System User Guide
Chapter 47 Understanding and Using Workflows
Components of a Workflow
Table 47-5 Predefined Connection Data Workflows (continued)

| Workflow Name | Description |
| --- | --- |
| Unique Initiators by Responder | This workflow contains a graph of the 10 most active responding host IP addresses on the monitored network segment, based on the number of unique initiators that contacted each address. |
| Unique Responders by Initiator | This workflow contains a graph of the 10 most active initiating host IP addresses on the monitored network segment, based on the number of unique responders that the addresses contacted. |

Predefined Security Intelligence Workflows
License: Protection
Supported Devices: Series 3, Virtual, X-Series, ASA FirePOWER
Supported Defense Centers: Any except DC500

The following table describes the predefined Security Intelligence workflows included on the Defense Center. All the predefined Security Intelligence workflows use the table view of Security Intelligence events. For more information on accessing Security Intelligence event data, see

Table 47-6 Predefined Security Intelligence Workflows

| Workflow Name | Description |
| --- | --- |
| Security Intelligence Events | This workflow provides a summary view of basic Security Intelligence and detected application information, which you can then use to drill down to the table view of events. |
| Security Intelligence Summary | This workflow is identical to the Security Intelligence Events workflow, but begins with the Security Intelligence Summary page, which lists security intelligence events by category and count only. |

Predefined Host Workflows
License: FireSIGHT

The following table describes the predefined workflows that you can use with host data.