Cisco FirePOWER Appliance 7020
FireSIGHT System User Guide
Chapter 46 Using Custom Tables
Searching Custom Tables
To view a workflow based on a custom table:
Access: Any/Admin
Step 1 Select Analysis > Custom > Custom Tables.
The Custom Tables page appears.
Step 2 Click the view icon next to the custom table on which the workflow you want to see is based.
The first page of the default workflow for the custom table appears. To use a different workflow, click (switch workflow) by the workflow title. For information on how to specify a different default workflow, see . If no events appear and the workflow can be constrained by time, you may need to adjust the time range; see
Searching Custom Tables
License: FireSIGHT
You can create and save searches for a custom table. You may want to create searches customized for
your network environment, then save them to reuse later. Note that if you delete a custom table, all
searches you have saved for that custom table are also deleted.
The search criteria you can use are the same as the criteria for the predefined tables you used to build
your custom table. See the sections listed in the following table for detailed information on the search
criteria you can use.
Table 46-3 Table Search Criteria
For search criteria for...
See...
Audit Events
Application Details
Correlation Events
Connection Data
Hosts
Host Attributes
Hosts with Applications
Intrusion Events
Intrusion Events with Destination Criticality
Intrusion Events with Source Criticality
Status Events
Discovery Events
User Events