Cisco FirePOWER Appliance 8130
58-6
FireSIGHT System User Guide
Chapter 58 Specifying User Preferences
Configuring Event View Settings
• The Show the Last - Sliding option allows you to configure a sliding default time window of the length
  you specify.
  The appliance displays all the events generated from a specific start time (for example, 1 hour ago)
  to the present. As you change event views, the time window “slides” so that you always see events
  from the last hour.
• The Show the Last - Static/Expanding option allows you to configure either a static or expanding default
  time window of the length you specify.
  For static time windows, enable the Use End Time check box. The appliance displays all the events
  generated from a specific start time (for example, 1 hour ago) to the time when you first viewed the
  events. As you change event views, the time window stays fixed so that you see only the events that
  occurred during the static time window.
  For expanding time windows, disable the Use End Time check box. The appliance displays all the
  events generated from a specific start time (for example, 1 hour ago) to the present. As you change
  event views, the time window expands to the present time.
• The Current Day - Static/Expanding option allows you to configure either a static or expanding default
  time window for the current day. The current day begins at midnight, based on the time zone setting
  for your current session.
  For static time windows, enable the Use End Time check box. The appliance displays all the events
  generated from midnight to the time when you first viewed the events. As you change event views,
  the time window stays fixed so that you see only the events that occurred during the static time
  window.
  For expanding time windows, disable the Use End Time check box. The appliance displays all the
  events generated from midnight to the present. As you change event views, the time window expands
  to the present time. Note that if your analysis continues for over 24 hours before you log out, this
  time window can be more than 24 hours.
• The Current Week - Static/Expanding option allows you to configure either a static or expanding default
  time window for the current week. The current week begins at midnight on the previous Sunday,
  based on the time zone setting for your current session.
  For static time windows, enable the Use End Time check box. The appliance displays all the events
  generated from midnight to the time when you first viewed the events. As you change event views,
  the time window stays fixed so that you see only the events that occurred during the static time
  window.
  For expanding time windows, disable the Use End Time check box. The appliance displays all the
  events generated from midnight Sunday to the present. As you change event views, the time window
  expands to the present time. Note that if your analysis continues for over 1 week before you log out,
  this time window can be more than 1 week.
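The window behaviors described above can be modeled in a few lines of Python, which makes it easy to see which events drop out of view under each option. This is an added example, not code from the FireSIGHT System or from Cisco; the option names, the `time_window` and `visible` helpers, and the sample events are constructed for illustration. It assumes that when the first view falls on a Sunday, the current week starts at midnight that same day.

```python
from datetime import datetime, timedelta, timezone

def time_window(option, first_view, now, length=timedelta(hours=1),
                use_end_time=False, session_tz=timezone.utc):
    """Return (start, end) for one default time window option.

    option is "sliding", "last", "current_day" or "current_week" (names assumed
    here); first_view is when events were first viewed, now is the current view.
    """
    if option == "sliding":
        # Recomputed on every view: always the most recent `length`.
        return now - length, now
    local = first_view.astimezone(session_tz)
    midnight = local.replace(hour=0, minute=0, second=0, microsecond=0)
    if option == "last":
        start = first_view - length
    elif option == "current_day":
        start = midnight
    elif option == "current_week":
        # weekday(): Monday=0 .. Sunday=6, so this steps back to Sunday.
        # Assumption: when first_view is a Sunday, the week starts that day.
        start = midnight - timedelta(days=(local.weekday() + 1) % 7)
    else:
        raise ValueError(f"unknown option: {option}")
    # Use End Time enabled -> static (end frozen); disabled -> expanding.
    end = first_view if use_end_time else now
    return start, end

def visible(events, window):
    """Names of the events whose timestamp falls inside the window."""
    start, end = window
    return [name for name, ts in events if start <= ts <= end]

# Constructed sample data: session time zone UTC-5, first view on a Wednesday.
TZ = timezone(timedelta(hours=-5))
FIRST_VIEW = datetime(2024, 3, 6, 9, 0, tzinfo=TZ)
LATER = FIRST_VIEW + timedelta(hours=30)      # analyst still logged in
EVENTS = [
    ("A", datetime(2024, 3, 3, 10, 0, tzinfo=TZ)),   # Sunday
    ("B", datetime(2024, 3, 6, 2, 0, tzinfo=TZ)),
    ("C", datetime(2024, 3, 6, 8, 30, tzinfo=TZ)),
    ("D", datetime(2024, 3, 6, 9, 20, tzinfo=TZ)),   # after first view
    ("E", datetime(2024, 3, 7, 14, 45, tzinfo=TZ)),
]

if __name__ == "__main__":
    for opt in ("sliding", "last", "current_day", "current_week"):
        for static in (True, False):
            w = time_window(opt, FIRST_VIEW, LATER, use_end_time=static, session_tz=TZ)
            print(opt, "static" if static else "expanding", visible(EVENTS, w))
```

In this model a static window never shows event D or E, which arrived after the first view, while the sliding window 30 hours later shows only E.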
Default Workflows
License: Any
A workflow is a series of pages displaying data that analysts use to evaluate events. For each event type,
the appliance ships with at least one predefined workflow. For example, as a Security Analyst, depending
on the type of analysis you are performing, you can choose among ten different intrusion event
workflows, each of which presents intrusion event data in a different way.