Cisco FirePOWER Appliance 8130
FireSIGHT System User Guide
Chapter 45 Searching for Events
Performing and Saving Searches
Note: To search a custom table, follow a slightly different procedure; see .
Performing a Search
License: Any
For some event types, the FireSIGHT System provides predefined searches that serve as examples and
can provide quick access to important information about your network. You can modify fields within the
predefined searches for your network environment, then save the searches to reuse later. You can also
use your own search criteria.
To perform a search:
Access: Admin/Any Security Analyst
Step 1: Select Analysis > Search.
The Search page appears.
Step 2: From the Table drop-down list, select the type of event or data you want to search for.
The page reloads with the appropriate search constraints.
Step 3: Optionally, if you want to save the search, enter a name for it in the Name field.
If you do not enter a name, a name is created automatically when you save the search.
Step 4: Enter your search criteria in the appropriate fields.
• All fields accept negation (!).
• All fields accept comma-separated lists. If you enter multiple criteria, the search returns only the records that match all the criteria.
• Many fields accept one or more asterisks (*) as wild cards.
• Specify n/a in any field to identify events where information is not available for that field; use !n/a to identify the events where that field is populated.
• Click the add object icon that appears next to a search field to use an object as a search criterion.
Step 5: See the following sections for detailed information on the search criteria you can use: