Cisco FirePOWER Appliance 8130
FireSIGHT System User Guide
Chapter 47 Understanding and Using Workflows
Components of a Workflow
Predefined Correlation and White List Workflows
License: FireSIGHT
There is a predefined workflow for each type of correlation data, white list events, white list violations,
and remediation status events.
Predefined System Workflows
License: Any
The FireSIGHT System is delivered with some additional workflows, including system events such as
audit events and health events, as well as workflows that list results from rule update imports and active
scans.
Table 47-16 Predefined Third-Party Vulnerabilities Workflows

| Workflow Name | Description |
|---|---|
| Vulnerabilities by IP Address | You can use this workflow to see quickly how many third-party vulnerabilities you have detected per host IP address on your monitored network. The workflow concludes with a table view of third-party vulnerabilities, followed by the host view. For more information, see . |
| Vulnerabilities by Source | You can use this workflow to see quickly how many third-party vulnerabilities you have detected per third-party vulnerability source, such as the QualysGuard Scanner. This workflow provides some details about those vulnerabilities on an intermediate drill-down page, then concludes with a table view of third-party vulnerabilities and the host view. For more information, see . |
Table 47-17 Predefined Correlation Workflows

| Workflow Name | Description |
|---|---|
| Correlation Events | This workflow contains a table view of correlation events. See for more information. |
| White List Events | This workflow contains a table view of white list events. See for more information. |
| Host Violation Count | This workflow provides a series of pages that list all the host IP addresses that violate at least one white list. The first page sorts the addresses by the number of violations per address, with the IP addresses that have the most violations at the top of the list. If a host IP address violates more than one white list, there is a separate row for each violated white list. The workflow also contains a table view of white list violations that lists all violations, with the most recently detected violation at the top of the list. Each row in the table contains a single detected violation. See for more information. |
| White List Violations | This workflow includes a table view of white list violations that lists all violations, with the most recently detected violation at the top of the list. Each row in the table contains a single detected violation. See for more information. |
| Status | This workflow contains a table view of remediation status, which includes the name of the policy that was violated and the name and status of the remediation that was applied. See for more information. |