Cisco Cisco FirePOWER Appliance 7010
16-14
FireSIGHT System User Guide
Chapter 16 Working with Connection & Security Intelligence Data
Working with Connection Graphs
Each table view or graph contains information about the connections or connection summaries you are
viewing, including timestamps, IP addresses, applications, and so on. The information available for any
individual connection detected by the FireSIGHT System depends on several factors, including detection
method and logging options. For more information, see
viewing, including timestamps, IP addresses, applications, and so on. The information available for any
individual connection detected by the FireSIGHT System depends on several factors, including detection
method and logging options. For more information, see
and
Tip
The Connection Summary dashboard can provide you with an at-a-glance view of the connections
logged by the system, and the Summary Dashboard displays Security Intelligence event data. For more
information, see
logged by the system, and the Summary Dashboard displays Security Intelligence event data. For more
information, see
.
To view connection or Security Intelligence data:
Access:
Admin/Any Security Analyst
Step 1
You have two options:
•
To view connection events, select
Analysis > Connections > Events
.
•
To view Security Intelligence events, select
Analysis > Connections > Security Intelligence Events
.
The first page of the default connection or Security Intelligence workflow appears. For connection
events, there are two possibilities:
events, there are two possibilities:
•
The workflow page displays a graph. See
information on the actions you can perform.
•
The workflow page displays a table. See
for information on the actions you can perform.
For Security Intelligence events, the workflow page displays a table.
To use a different workflow, including a custom workflow, click
(switch workflow)
by the workflow title.
For information on specifying a different default workflow, see
. If no events appear, you may need to adjust the time range; see
.
Working with Connection Graphs
License:
Any
One of the ways the system can present connection data is graphically. There are three different types of
connection graphs: line graphs, bar graphs, and pie charts. Bar graphs and line graphs can display
multiple datasets; that is, they can display several values on the y-axis for each x-axis data point.
connection graphs: line graphs, bar graphs, and pie charts. Bar graphs and line graphs can display
multiple datasets; that is, they can display several values on the y-axis for each x-axis data point.
You can manipulate connection graphs in various ways, including:
•
changing the type of data that the graph displays
•
switching between graph types
•
constraining the graph so it shows data for specific time ranges, hosts, applications, ports, and
devices
devices