Cisco Cisco FirePOWER Appliance 8390
18-5
FireSIGHT System User Guide
Chapter 18 Working with Intrusion Events
Viewing Intrusion Event Performance
Generating Intrusion Event Performance Statistics Graphs
License:
Protection
You can generate graphs that depict performance statistics for a Defense Center or a managed device
based on the number of events per second, megabits per second, average bytes per packet, percent of
packets uninspected by Snort, and the number of packets blocked as the result of TCP normalization.
based on the number of events per second, megabits per second, average bytes per packet, percent of
packets uninspected by Snort, and the number of packets blocked as the result of TCP normalization.
Note
New data is accumulated for statistics graphs every five minutes. Therefore, if you reload a graph
quickly, the data may not change until the next five-minute increment occurs.
quickly, the data may not change until the next five-minute increment occurs.
The following table lists the available graph types.
To generate intrusion event performance graphs:
Access:
Admin/Maint
Step 1
Select
Overview > Summary > Intrusion Event Performance
.
The Intrusion Event Performance page appears.
Step 2
From the
Select Device
list, select the devices whose data you want to view.
Step 3
From the
Select Graph(s)
list, select the type of graph you want to create.
Step 4
From the
Select Time Range
list, select the time range you would like to use for the graph.
You can choose from last hour, last day, last week, or last month.
Step 5
Click
Graph
.
The graph appears, displaying the information you specified.
Step 6
To save the graph, right-click it and follow the instructions for your browser to save the image.
Table 18-1
Intrusion Event Performance Graph Types
Graph Type
Output
Events/Sec
The number of events per second generated on the device.
Mbits/Sec
The number of megabits per second of traffic that passes through the device.
Avg Bytes/Packet
The average number of bytes included in each packet.
Percent Packets
Dropped
Dropped
The average percentage of uninspected packets across all selected devices.
For example, if you select two devices, then an average of 50% may indicate
that one device has a 90% drop rate and the other has a 10% drop rate. It may
also indicate that both devices have a drop rate of 50%. The graph only
represents the total % drop when you select a single device.
For example, if you select two devices, then an average of 50% may indicate
that one device has a 90% drop rate and the other has a 10% drop rate. It may
also indicate that both devices have a drop rate of 50%. The graph only
represents the total % drop when you select a single device.
Blocked Packets
The number of packets blocked as the result of TCP normalization when the
inline normalization
inline normalization
Normalize TCP
option is enabled. See
for more information.