Cisco FirePOWER Appliance 7010
FireSIGHT System User Guide
Chapter 47
Understanding and Using Workflows
A workflow is a tailored series of data pages on the Defense Center web interface that analysts can use
to evaluate events generated by the system. The Defense Center provides three types of workflows:
• Predefined workflows, which are preset workflows installed on the system that you cannot modify or delete.
• Saved custom workflows, which are predefined custom workflows that you can modify or delete.
• Custom workflows, which are workflows that you create and customize for your specific needs.
For example, when you analyze intrusion events, you can choose from several predefined workflows
specifically created for the task.
Note that the data displayed in a workflow often depends on such factors as how you license and deploy
your managed devices, whether you configure features that provide the data and, in the case of Series 2
appliances, whether the appliance supports a feature that provides the data. For example, because neither
the DC500 Defense Center nor Series 2 devices support URL filtering by category and reputation, the
DC500 Defense Center does not display data for this feature and Series 2 devices do not detect this data.
See the following sections for more information about using predefined and custom workflows:
Tip
You can also use custom workflows as the basis for event reports. See
for more information.
Components of a Workflow
License: Any
Workflows can include several types of pages, as described in the following sections.
Table Views
Table views include a column for each of the fields in the database on which your workflow is based.
For example, the table view of discovery events includes the Time, Event, IP Address, User, MAC
Address, MAC Vendor, Port, Description, and Device columns.