Cisco Cisco FirePOWER Appliance 8360
47-16
FireSIGHT System User Guide
Chapter 47 Understanding and Using Workflows
Using Workflows
•
explains how compound constraints can be used and
provides examples.
•
describes features for sorting the data displayed in
workflows, and for removing and restoring table columns to view.
•
describes how to select data rows in the displayed
table that you want to analyze or on which you want to perform some other action.
•
describes how to open other workflows
using the constraints, including any selected events, from the current workflow.
•
describes the
Jump to
drop-down list and explains how
you can use it to apply the current constraints to a different workflow.
•
provides information about the feature used to search event data.
•
describes how to create, manage, and use bookmarks.
Selecting Workflows
License:
Any
The FireSIGHT System provides predefined workflows for the types of data listed in the following table.
Table 47-20
Features Using Workflows
Feature
Menu Path
Option
Intrusion events
Analysis > Intrusions
Events
Reviewed Events
Clipboard
Incidents
Malware events
Analysis > Files
Malware Events
File events
Analysis > Files
File Events
Captured files
Analysis > Files
Captured Files
Connection events
Analysis > Connections
Events
Security Intelligence
events
events
Analysis > Connections
Security Intelligence Events
Host events
Analysis > Hosts
Network Map
Hosts
Indications of Compromise
Applications
Application Details
Servers
Host Attributes
Discovery Events
User events
Analysis > Users
User Activity
Users