Cisco Cisco FirePOWER Appliance 7020
4-2
FireSIGHT System User Guide
Chapter 4 Using the Context Explorer
Understanding the Context Explorer
For more information on the related FireSIGHT System dashboard, see
.
Understanding the Context Explorer
License:
FireSIGHT
The Context Explorer comprises several distinct sections that together offer a complete overview of
FireSIGHT data on your monitored network. The first section, a line chart of traffic and event counts
over time, provides an at-a-glance picture of recent trends in your network’s activity.
FireSIGHT data on your monitored network. The first section, a line chart of traffic and event counts
over time, provides an at-a-glance picture of recent trends in your network’s activity.
The other sections are sets of interactive graphs and lists that provide greater detail for indications of
compromise, network, application, Security Intelligence, intrusion, file, geolocation, and URL data.
Except for the traffic and events time graph, you can view or hide any section. You can also apply filters
to constrain the data that appears in all sections; see
compromise, network, application, Security Intelligence, intrusion, file, geolocation, and URL data.
Except for the traffic and events time graph, you can view or hide any section. You can also apply filters
to constrain the data that appears in all sections; see
for more information.
For in-depth information on the content and function of Context Explorer sections, see the following
topics:
topics:
•
•
•
•
•
•
Table 4-1
Comparison: Dashboard and Context Explorer
Feature
Dashboard
Context Explorer
Displayable data
Anything monitored by the FireSIGHT System Applications, application statistics,
geolocation, indications of compromise,
intrusion events, files (including malware
files), hosts, Security Intelligence events,
servers, users, and URLs
intrusion events, files (including malware
files), hosts, Security Intelligence events,
servers, users, and URLs
Customizability
•
Selection of widgets for a dashboard is
customizable
customizable
•
Individual widgets can be customized to
varying degrees
varying degrees
•
Cannot change base layout
•
Applied filters appear in explorer URL and
can be bookmarked for later use
can be bookmarked for later use
Data update frequency
Automatic (default); user-configured
Manual
Data filtering
Possible for some widgets (must edit widget
preferences)
preferences)
Possible for all parts of the explorer, with
support for multiple filters
support for multiple filters
Graphical context
Some widgets (particularly Custom Analysis)
can display data in graph form
can display data in graph form
Extensive graphical context for all data,
including uniquely detailed donut graphs
including uniquely detailed donut graphs
Links to relevant web
interface pages
interface pages
In some widgets
In every section
Time range of displayed
data
data
User-configured
User-configured