Cisco Cisco Firepower Management Center 4000
47-29
FireSIGHT System User Guide
Chapter 47 Understanding and Using Workflows
Using Workflows
The following table explains the various settings you can configure on the Preferences tab.
Table 47-26
Time Window Preferences
Preference
Description
Refresh Interval
Sets the refresh interval for event views, in minutes. Entering zero disables the refresh option.
Number of Time Windows
Specify how many time windows you want to use:
•
Select
Multiple
to configure separate default time windows for the audit log, for health
events, and for workflows based on events that can be constrained by time.
•
Select
Single
to use a global time window that applies to all events,
Default Time Window:
Show the Last - Sliding
Show the Last - Sliding
This setting allows you to configure a sliding default time window of the length you specify.
The appliance displays all the events generated from a specific start time (for example, 1 hour
ago) to the present. As you change event views, the time window “slides” so that you always see
events from the last hour.
ago) to the present. As you change event views, the time window “slides” so that you always see
events from the last hour.
Default Time Window:
Show the Last -
Static/Expanding
Show the Last -
Static/Expanding
This setting allows you to configure either a static or expanding default time window of the
length you specify.
length you specify.
For static time windows (enable the
Use End Time
check box), the appliance displays all the
events generated from a specific start time (for example, 1 hour ago), to the time when you first
viewed the events. As you change event views, the time window stays fixed so that you see only
the events that occurred during the static time window.
viewed the events. As you change event views, the time window stays fixed so that you see only
the events that occurred during the static time window.
For expanding time windows (disable the
Use End Time
check box), the appliance displays all the
events generated from a specific start time (for example, 1 hour ago), to the present. As you
change event views, the time window expands to the present time.
change event views, the time window expands to the present time.
Default Time Window:
Current Day -
Static/Expanding
Current Day -
Static/Expanding
This setting allows you to configure either a static or expanding default time window for the
current day. The current day begins at midnight, based on the time zone setting for your current
session.
current day. The current day begins at midnight, based on the time zone setting for your current
session.
For static time windows (enable the
Use End Time
check box), the appliance displays all the
events generated from midnight to the time when you first viewed the events. As you change
event views, the time window stays fixed so that you see only the events that occurred during
the static time window.
event views, the time window stays fixed so that you see only the events that occurred during
the static time window.
For expanding time windows (disable the
Use End Time
check box), the appliance displays all the
events generated from midnight to the present. As you change event views, the time window
expands to the present time. Note that if your analysis continues for over 24 hours before you
log out, this time window can be more than 24 hours.
expands to the present time. Note that if your analysis continues for over 24 hours before you
log out, this time window can be more than 24 hours.
Default Time Window:
Current Week -
Static/Expanding
Current Week -
Static/Expanding
This setting allows you to configure either a static or expanding default time window for the
current week. The current week begins at midnight on the previous Sunday, based on the time
zone setting for your current session.
current week. The current week begins at midnight on the previous Sunday, based on the time
zone setting for your current session.
For static time windows (enable the
Use End Time
check box), the appliance displays all the
events generated from midnight to the time when you first viewed the events. As you change
event views, the time window stays fixed so that you see only the events that occurred during
the static time window.
event views, the time window stays fixed so that you see only the events that occurred during
the static time window.
For expanding time windows (disable the
Use End Time
check box), the appliance displays all the
events generated from midnight Sunday to the present. As you change event views, the time
window expands to the present time. Note that if your analysis continues for over 1 week before
you log out, this time window can be more than 1 week.
window expands to the present time. Note that if your analysis continues for over 1 week before
you log out, this time window can be more than 1 week.