Cisco Cisco FirePOWER Appliance 7020
56-3
FireSIGHT System User Guide
Chapter 56 Auditing the System
Managing Audit Records
To view audit records:
Access:
Admin
Step 1
Select
System > Monitoring > Audit
.
The first (and only) page of the default audit log workflow appears. To use a different workflow,
including a custom workflow, click
including a custom workflow, click
(switch workflow)
. For information on specifying a different default
workflow, see
. If no events appear, you may need to adjust
the time range. For more information, see
.
Tip
If you are using a custom workflow that does not include the table view of audit events, click
(switch
workflow)
, then select
Audit Log
.
Working with Audit Events
License:
Any
constraining on a specific value
Click a value within a row.
If you click a value on a drill-down page, you move to the next page and constrain on
the value.
the value.
Note that clicking a value within a row in a table view constrains the table view and
does not drill down to the next page.
does not drill down to the next page.
Tip
Table views always include “Table View“ in the page name.
For more information, see
.
delete audit records
use one of the following methods:
•
To delete some items, select the check boxes next to events you want to delete,
then click
then click
Delete
.
•
To delete all items in the current constrained view, click
Delete All
, then confirm
you want to delete all the events.
temporarily use a different workflow click
(switch workflow)
. For more information, see
.
bookmark the current page so you
can quickly return to it
can quickly return to it
click
Bookmark This Page
. For more information, see
navigate to the bookmark
management page
management page
click
View Bookmarks
. For more information, see
.
generate a report based on the data in
the current view
the current view
click
Report Designer
. For more information, see
.
view a summary of a change
recorded in the audit log
recorded in the audit log
click the compare icon (
) next to applicable events in the
Message
column. For more
information, see
.
Table 56-1
Audit Log Actions (continued)
To...
You can...