Cisco FirePOWER Appliance 7020
FireSIGHT System User Guide
Chapter 46 Using Custom Tables
Creating a Custom Table
table based on the Intrusion Events table and the Hosts table, you must choose whether the data you
display from the Hosts table applies to the host source IP address or the host destination IP address in
the Intrusion Events table.
When you create a new custom table, a default workflow that displays all the columns in the table is
automatically created. Also, just as with predefined tables, you can search custom tables for data that
you want to use in your network analysis. You can also generate reports based on custom tables, as you
can with predefined tables.
For more information on creating custom tables, see:
Creating a Custom Table
License: FireSIGHT
If you determine that your analysis of the activity on your network would be enhanced by combining
fields from different tables, you can create a custom table.
Tip
Instead of creating a new custom table, you can export a custom table from another Defense Center, then
import it onto your Defense Center. You can then edit the imported custom table to suit your needs. For
more information, see
To create a custom table, decide which predefined tables delivered with the FireSIGHT System contain
the fields you want to include in your custom table. You can then choose which fields you want to include
and, if necessary, configure field mappings for any common fields.
Tip
Data involving the Hosts table allows you to view data associated with all IP addresses from one host,
rather than one specific IP address.
For example, consider a custom table that combines fields from the Correlation Events table and the
Hosts table. You can use this custom table to get detailed information about the hosts involved in
violations of any of your correlation policies. Note that you must decide whether to display data from
the Hosts table that matches the source IP address or the destination IP address in the Correlation Events
table.
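The source-versus-destination mapping choice described above, as an added example that is not part of the Cisco guide: a small SQLite model joins correlation events to host data through either address field. All table and column names and the sample rows are constructed for illustration and are not the FireSIGHT schema; keeping events whose address matches no known host (LEFT JOIN) is also an assumption of this sketch.

```python
import sqlite3

# Constructed sample rows; names are illustrative, not the FireSIGHT schema.
HOSTS = [(1, "Windows"), (2, "Linux")]                      # (host_id, os)
HOST_IPS = [(1, "10.0.0.5"), (1, "10.0.1.5"),               # one host can own
            (2, "192.168.1.20")]                            # several addresses
EVENTS = [                                                  # (id, policy, src, dst)
    (100, "No-SSH-Outbound", "10.0.0.5", "192.168.1.20"),
    (101, "No-SSH-Outbound", "10.0.1.5", "203.0.113.9"),
    (102, "DB-Access", "198.51.100.7", "192.168.1.20"),
]

def build_db():
    """Load the constructed tables into an in-memory SQLite database."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE hosts(host_id INTEGER PRIMARY KEY, os TEXT);
        CREATE TABLE host_ips(host_id INTEGER, ip TEXT);
        CREATE TABLE correlation_events(
            event_id INTEGER, policy TEXT, src_ip TEXT, dst_ip TEXT);
    """)
    db.executemany("INSERT INTO hosts VALUES (?, ?)", HOSTS)
    db.executemany("INSERT INTO host_ips VALUES (?, ?)", HOST_IPS)
    db.executemany("INSERT INTO correlation_events VALUES (?, ?, ?, ?)", EVENTS)
    return db

def custom_table(db, map_to):
    """Combine event and host fields, matching hosts on the chosen IP field."""
    # Allowlist the column name before it is interpolated into the query.
    if map_to not in ("src_ip", "dst_ip"):
        raise ValueError("map_to must be 'src_ip' or 'dst_ip'")
    return db.execute(f"""
        SELECT e.event_id, e.policy, e.{map_to}, h.host_id, h.os
        FROM correlation_events e
        LEFT JOIN host_ips i ON i.ip = e.{map_to}
        LEFT JOIN hosts h ON h.host_id = i.host_id
        ORDER BY e.event_id""").fetchall()

if __name__ == "__main__":
    db = build_db()
    for field in ("src_ip", "dst_ip"):
        print(field)
        for row in custom_table(db, field):
            print("  ", row)
```

Mapped to the source address, events 100 and 101 resolve to the same host even though they came from different IP addresses; mapped to the destination address, the same events describe a different host or none at all.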