Cisco Cisco FirePOWER Appliance 7010
58-4
FireSIGHT System User Guide
Chapter 58 Specifying User Preferences
Configuring Event View Settings
Use the Event Preferences section of the Event View Settings page to configure basic characteristics of
event views in the FireSIGHT System. This section is available for all user roles, although it has little to
no significance for users who cannot view events.
event views in the FireSIGHT System. This section is available for all user roles, although it has little to
no significance for users who cannot view events.
The following fields appear in the Event Preferences section:
•
The
Confirm “All” Actions
field controls whether the appliance forces you to confirm actions that affect
all events in an event view.
For example, if this setting is enabled and you click
Delete All
on an event view, you must confirm
that you want to delete all the events that meet the current constraints (including events not displayed
on the current page) before the appliance will delete them from the database.
on the current page) before the appliance will delete them from the database.
•
The
Resolve IP Addresses
field allows the appliance, whenever possible, to display host names instead
of IP addresses in event views.
Note that an event view may be slow to display if it contains a large number of IP addresses and you
have enabled this option. Note also that for this setting to take effect, you must have a DNS server
configured in the system settings; see
have enabled this option. Note also that for this setting to take effect, you must have a DNS server
configured in the system settings; see
.
•
The
Rows Per Page
field controls how many rows of events per page you want to appear in drill-down
pages and table views.
•
The
Refresh Interval
field sets the refresh interval for event views in minutes. Entering “0” disables
the refresh option. Note that this interval does not apply to dashboards.
File Preferences
License:
Any
Supported Devices:
feature dependent
Supported Defense Centers:
feature dependent
Use the File Preferences section of the Event View Settings page to configure basic characteristics of
local file downloads. This section is only available to users with the Administrator, Security Analyst, or
Security Analyst (Read Only) user roles.
local file downloads. This section is only available to users with the Administrator, Security Analyst, or
Security Analyst (Read Only) user roles.
Note that if your appliance does not support downloading captured files, these options are disabled.
Because you cannot use a Malware license with a DC500, you cannot use those appliances to download
files or modify these options.
Because you cannot use a Malware license with a DC500, you cannot use those appliances to download
files or modify these options.
The following fields appear in the File Preferences section:
•
The
Confirm ‘Download File’ Actions
check box controls whether a File Download pop-up window
appears each time you download a file, displaying a warning and prompting you to continue or
cancel.
cancel.
Caution
Cisco strongly recommends you do not download malware, as it can cause adverse consequences.
Exercise caution when downloading any file, as it may contain malware. Ensure you have taken any
necessary precautions to secure the download destination before downloading files.
Exercise caution when downloading any file, as it may contain malware. Ensure you have taken any
necessary precautions to secure the download destination before downloading files.
Note that you can disable this option any time you download a file. For more information on
downloading files, see
downloading files, see
.
•
When you download a captured file, the system creates a password-protected .zip archive containing
the file. The
the file. The
Zip File Password
field defines the password you want to use to restrict access to the .zip
file. If you leave this field blank, the system creates archive files without passwords.