для Cisco Cisco FirePOWER Appliance 8270

Admin/Intrusion Admin

modify the date and time 
range in the packet views

find more information in 

learn more about the 
information displayed in 
the packet view

find more information in:

add an event to the 
clipboard so you can 
transfer it to the incidents 
at a later time

either:

click 

 to copy the event whose packet you are viewing

click 

 to copy all the events whose packets you previously selected

The clipboard stores up to 25,000 events per user. For more information on the clipboard, see 

delete an event from the 
event database

either:

click 

 to delete the event whose packet you are viewing

click 

 to delete all the events whose packets you previously selected

mark an event reviewed to 
remove it from event views, 
but not the event database.

either:

click 

 to review the event whose packet you are viewing

click 

 to review all the events whose packets you previously selected 

For more information, see 

. Note that reviewed events 

continue to be included in the event statistics on the Intrusion Event Statistics page.

download a local copy of 
the packet (a packet capture 
file in libpcap format) that 
triggered the event

either:

click 

to save a copy of the captured packet for the event you are viewing

click 

to save copies of the captured packets for all the events whose 

packets you previously selected

The captured packet is saved in libpcap format. This format is used by several popular protocol 
analyzers. 

Note that you cannot download a portscan packet because single portscan events are based on 
multiple packets; however, the portscan view provides all usable packet information. See 

 for more information.

Note that you must have at least 15% available disk space in order to download.

expand or collapse a page 
section

click the arrow next to the section.