Cisco Cisco Firepower Management Center 4000
47-27
FireSIGHT System User Guide
Chapter 47 Understanding and Using Workflows
Using Workflows
To change the time window during event analysis:
Access:
Admin/Maint/Any Security Analyst
Table 47-25
Time Window Settings
Setting
Time Window Type
Description
time window type
drop-down list
drop-down list
n/a
Select the type of time window you want to use: static, expanding, or
sliding.
sliding.
Note that events that were generated outside the appliance's configured
time window (whether global or event-specific) may appear in an event
view if you constrain the event view by time. This may occur even if
you configured a sliding time window for the appliance.
time window (whether global or event-specific) may appear in an event
view if you constrain the event view by time. This may occur even if
you configured a sliding time window for the appliance.
Start Time calendar
static and expanding
Specify a start date and time for your time window. The maximum time
range for all time windows is from midnight on January 1, 1970 (UTC)
to 3:14:07 AM on January 19, 2038 (UTC).
range for all time windows is from midnight on January 1, 1970 (UTC)
to 3:14:07 AM on January 19, 2038 (UTC).
Tip
Instead of using the calendar, you can use the Presets options,
described below.
described below.
End Time calendar
static
Specify an end date and time for your time window. The maximum time
range for all time windows is from midnight on January 1, 1970 (UTC)
to 3:14:07 AM on January 19, 2038 (UTC).
range for all time windows is from midnight on January 1, 1970 (UTC)
to 3:14:07 AM on January 19, 2038 (UTC).
Note that If you are using an expanding time window, the End Time
calendar is grayed out and specifies that the end time is “Now.”
calendar is grayed out and specifies that the end time is “Now.”
Tip
Instead of using the calendar, you can use the Presets options,
described below.
described below.
Show the Last field and
drop-down list
drop-down list
sliding
Configure the length of the sliding time window.
Presets: Last
all
Click one of the time ranges in the list to change the time window, based
on the local time of the appliance. For example, clicking
on the local time of the appliance. For example, clicking
1 week
changes
the time window to reflect the last week. Clicking a preset changes the
calendars to reflect the preset you choose.
calendars to reflect the preset you choose.
Presets: Current
static and expanding
Click one of the time ranges in the list to change the time window, based
on the local time and date of the appliance. Clicking a preset changes
the calendars to reflect the preset you choose.
on the local time and date of the appliance. Clicking a preset changes
the calendars to reflect the preset you choose.
Note that:
•
the current day begins at midnight
•
the current week begins at midnight Sunday
•
the current month begins at midnight on the first of the month
Presets: Synchronize with
all (not available if
you are using a global
time window)
you are using a global
time window)
Click one of:
•
Events Time Window
to synchronize the current time window with the
events time window
•
Health Monitoring Time Window
to synchronize the current time
window with the health monitoring time window
•
Audit Log Time Window
to synchronize the current time window with
the audit log time window