Cisco FirePOWER Appliance 7020
FireSIGHT System User Guide
Chapter 38 Working with Discovery Events
Working with Hosts
For more information on searching, including how to load and delete saved searches, see
To search for hosts:
Access: Admin/Any Security Analyst
Step 1
Select Analysis > Search.
The Search page appears.
Step 2
From the Table drop-down list, select Hosts.
The page reloads with the appropriate constraints.
Tip
To search the database for a different kind of event, select it from the Table drop-down list.
Step 3
Optionally, if you want to save the search, enter a name for the search in the Name field.
If you do not enter a name, the Defense Center automatically creates one when you save the search.
Step 4
Enter your search criteria in the appropriate fields, as described in the
. If you enter
multiple criteria, the Defense Center returns only the records that match all the criteria. Click the add
icon that appears next to a search field to use an object as a search criterion.
Step 5
If you want to save the search so that other users can access it, clear the Save As Private check box.
Otherwise, leave the check box selected to save the search so that only you can use it.
Tip
If you want to save a search as a restriction for custom user roles with restricted privileges, you must
save it as a private search.
Step 6
You have the following options:
• Click Search to start the search.
Your search results appear in the default hosts workflow. To use a different workflow, including a custom workflow, click (switch workflow). For information on specifying a different default workflow, see .
• Click Save if you are modifying an existing search and want to save your changes.
Table 38-5 Host Search Criteria (continued)
Field
Search Criteria Notes
Confidence
You can precede the confidence with greater than (>), greater than or equal to (>=), less than (<), less than or equal to (<=), or equal to (=) operators.
Matches to an n/a search include hosts added to the network map based on NetFlow data.
OS Conflict
Note that the OS Conflict column does not appear in search results. To determine whether you are viewing hosts with or without operating system conflicts, expand the search constraints on the workflow page. For more information on resolving operating system conflicts, see