Cisco Cisco FirePOWER Appliance 8360
4-39
FireSIGHT System User Guide
Chapter 4 Using the Context Explorer
Working with Filters in the Context Explorer
To clear all filters:
Access:
Admin/Any Security Analyst
Step 1
Click the
Clear
button that appears to the right of the filter widgets.
All filters are cleared.
Note that this button does not appear if no filters have been created.
Creating Filters with the Context Menu
License:
FireSIGHT
While exploring Context Explorer graph and list data, you can click on data points, then use the context
menu to quickly create a filter based on that data, either inclusive or exclusive. If you use the context
menu to filter on information of data type Application, User, or Intrusion Event Message, or any
individual host, the filter widget includes a widget information icon that links to the relevant detail page
for that data type (such as Application Detail for application data). Note that you cannot filter on URL
data.
menu to quickly create a filter based on that data, either inclusive or exclusive. If you use the context
menu to filter on information of data type Application, User, or Intrusion Event Message, or any
individual host, the filter widget includes a widget information icon that links to the relevant detail page
for that data type (such as Application Detail for application data). Note that you cannot filter on URL
data.
You can also use the context menu to investigate specific graph or list data in more detail. For
information, see
information, see
To create a filter from the context menu:
Access:
Admin/Any Security Analyst
Step 1
Select
Analysis > Context Explorer
.
The Context Explorer appears.
Step 2
In any explorer section except Traffic and Intrusion Events over Time or sections that contain URL data,
click a data point you want to filter on.
click a data point you want to filter on.
The context menu pop-up window appears nearby.
Step 3
You have two options:
•
To add a filter for this data, click
Add Filter
.
The filter is added and its widget appears at upper left.
•
To add an exclusion filter for this data, click
Add Exclude Filter
. The filter, when applied, displays all
data not associated with the excluded value.
The filter is added and its widget appears at upper left. Exclude filters display an exclamation point
before the filter value.
before the filter value.
To view filter detail:
Access:
Admin/Any Security Analyst
Step 1
Click the information icon (
) on any eligible filter widget.