Cisco Cisco FirePOWER Appliance 8130
45-4
FireSIGHT System User Guide
Chapter 45 Searching for Events
Using Wildcards and Symbols in Searches
• From any page on a workflow, click Search.
• Select Analysis > Search, then select the type of events you want to search for.
The Search page appears.
Step 2
From the list of saved searches on the left of the page, select the search you want to load and click Load.
Settings from the saved search populate the search constraints fields.
Step 3
Optionally, change the search constraints.
Step 4
Click Search.
The events that match your search constraints appear.
Deleting a Saved Search
License: Any
If you have saved searches, you can delete them from the Search page.
To delete a saved search:
Access: Admin/Any Security Analyst
Step 1
You have two options:
• From any page on a workflow, click Search.
• Select Analysis > Search, then select the event type for the search that you want to delete.
The Search page appears.
Step 2
From the list of saved searches, select the search you want to delete and click Delete.
The search is deleted.
Using Wildcards and Symbols in Searches
License: Any
Many text fields on search pages allow you to use an asterisk (*) to match characters in a string. For example, specifying net* matches network, netware, netscape, and so on.
If you want to search for non-alphanumeric characters (including the asterisk character), enclose the search string in quotation marks. For example, to search for the string:
Find an asterisk (*)
enter:
“Find an asterisk (*)”
Note that in text fields that allow a wildcard, you must use the wildcard if you want to match a partial string. For example, if you are searching the audit log for all audit records that involve page views (that is, the message is Page View), searching for Page returns no results. Instead, specify Page*.
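The following Python sketch models the matching rules described above so you can check a search term against sample values before relying on it in an audit log review. It is an added example, not code from the FireSIGHT System or from Cisco; the function names and sample messages are constructed, and the model assumes case-sensitive matching and that a quoted term is compared literally against the whole field.

```python
import re

# Constructed sample audit-log messages (not taken from a real appliance).
AUDIT_MESSAGES = [
    "Page View",
    "Login",
    "Find an asterisk (*)",
    "Find an asterisk (x)",
]

# Straight and typographic quotation-mark pairs: opening -> closing.
QUOTES = {'"': '"', "\u201c": "\u201d"}


def compile_search(term):
    """Translate a search term into a regex following the rules above.

    Assumptions of this model: matching is case-sensitive, and a quoted
    term is a literal that must equal the whole field.
    """
    term = term.strip()
    closing = QUOTES.get(term[:1])
    if closing and len(term) >= 2 and term.endswith(closing):
        # Quoted: every character, including '*', is taken literally.
        pattern = re.escape(term[1:-1])
    else:
        # Unquoted: '*' matches any run of characters; the rest is literal.
        pattern = ".*".join(re.escape(part) for part in term.split("*"))
    return re.compile(pattern, re.DOTALL)


def search(term, values=AUDIT_MESSAGES):
    """Return the values matched by term; a partial match never counts."""
    rx = compile_search(term)
    return [v for v in values if rx.fullmatch(v)]


if __name__ == "__main__":
    # 'Page' alone finds nothing; 'Page*' finds the Page View records.
    for term in ["Page", "Page*", '"Find an asterisk (*)"']:
        print(f"{term!r:28} -> {search(term)}")
    print(search("net*", ["network", "netware", "netscape", "internet"]))
```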