Cisco Cisco FirePOWER Appliance 8130
2-5
FireSIGHT System User Guide
Chapter 2 Logging into the FireSIGHT System
Using the Context Menu
When you are no longer actively using the web interface, Cisco recommends that you log out, even if
you are only stepping away from your web browser for a short period of time. Logging out ends your
web session and ensures that no one can use the appliance with your credentials.
you are only stepping away from your web browser for a short period of time. Logging out ends your
web session and ensures that no one can use the appliance with your credentials.
By default, your session automatically logs you out after 1 hour of inactivity, unless you are otherwise
configured to be exempt from session timeout. Users with the Administrator role can change the session
timeout interval in the system policy. For more information, see
configured to be exempt from session timeout. Users with the Administrator role can change the session
timeout interval in the system policy. For more information, see
.
To log out of the appliance:
Access:
Any
Step 1
Click
Logout
on the toolbar.
Using the Context Menu
License:
feature dependent
For your convenience, certain pages in the web interface support a pop-up context menu that you can use
as a shortcut for accessing other features in the FireSIGHT System. The contents of the menu depend on
the hotspot where you access it—not only the page but also the specific data.
as a shortcut for accessing other features in the FireSIGHT System. The contents of the menu depend on
the hotspot where you access it—not only the page but also the specific data.
For example, IP address hotspots in event views, intrusion event packet views, the dashboard, and the
Context Explorer provide additional options. Use the IP address context menu by right-clicking on the
hotspot to learn more about the host associated with that address, including any available whois and host
profile information. Except on the DC500 Defense Center, which does not support Security Intelligence
filtering, you can also add an individual IP address to the Security Intelligence global whitelist or
blacklist.
Context Explorer provide additional options. Use the IP address context menu by right-clicking on the
hotspot to learn more about the host associated with that address, including any available whois and host
profile information. Except on the DC500 Defense Center, which does not support Security Intelligence
filtering, you can also add an individual IP address to the Security Intelligence global whitelist or
blacklist.
As another example, SHA-256 value hotspots in event views and the dashboard allow you to add a file’s
SHA-256 hash value to the clean list or custom detection list, or view the entire hash value for copying.
Note that this functionality is also not supported on the DC500 Defense Center.
SHA-256 hash value to the clean list or custom detection list, or view the entire hash value for copying.
Note that this functionality is also not supported on the DC500 Defense Center.
The following list describes many of the options available in the context menu on various pages of the
web interface. On pages or locations where the Cisco context menu is not supported, the normal context
menu for your browser appears.
web interface. On pages or locations where the Cisco context menu is not supported, the normal context
menu for your browser appears.
Access Control Policy Editor
The access control policy editor contains hotspots over each access control rule. You can use the
context menu to insert new rules and categories; cut, copy, and paste rules; set the rule state; and
edit the rule.
context menu to insert new rules and categories; cut, copy, and paste rules; set the rule state; and
edit the rule.
NAT Policy Editor
The NAT policy editor contains hotspots over each NAT rule. You can use the context menu to insert
new rules; cut, copy, and paste rules; set the rule state; and edit the rule.
new rules; cut, copy, and paste rules; set the rule state; and edit the rule.
Intrusion Rule Editor
The intrusion rule editor contains hotspots over each intrusion rule. You can use the context menu
to edit the rule, set the rule state (including disabling the rule), configure thresholding and
suppression options, and view rule documentation.
to edit the rule, set the rule state (including disabling the rule), configure thresholding and
suppression options, and view rule documentation.