Cisco Cisco FirePOWER Appliance 8390
FireSIGHT System User Guide
Chapter 4 Using the Context Explorer
Understanding the Context Explorer
Hover your pointer over any part of the graph to view more detailed information. Click any part of the
graph to filter or drill down on that information.
Note that you must have a Malware license and enable malware detection for this graph to include
network-based malware data. Note also that neither the DC500 Defense Center nor Series 2 devices
support advanced malware detection, so the DC500 Defense Center cannot display this data and Series 2
devices do not detect it. See
This graph draws data primarily from the File Events and Malware Events tables.
Understanding the Geolocation Information Section
License: FireSIGHT
Supported Defense Centers: Any except DC500
The Geolocation Information section of the Context Explorer contains three interactive donut graphs that
display an overall picture of countries with which hosts on your monitored network are exchanging data:
unique connections by initiator or responder country, intrusion events by source or destination country,
and file events by sending or receiving country.
For more information on the graphs in the Geolocation Information section, see the following topics:
•
•
•
Viewing the Connections by Initiator/Responder Country Graph
License: FireSIGHT
Supported Defense Centers: Any except DC500
The Connections by Initiator/Responder Country graph, in donut form, displays a proportional view of
the countries involved in connections on your network as either the initiator (the default) or the
responder. The inner ring groups these countries together by continent. For information about
geolocation information, see
. For information about connection data, see