для Cisco Cisco Firepower Management Center 2000
41-17
FireSIGHT System User Guide
Chapter 41 Configuring Remediations
Working with Remediation Status Events
If you plan to use this remediation in response to a correlation rule that triggers on a discovery event or
host input event, by default the remediation scans the IP address of the host involved in the event; you
do not need to configure this option.
host input event, by default the remediation scans the IP address of the host involved in the event; you
do not need to configure this option.
Step 7
Configure the
Use Description From Event For Attribute Value (text attributes only)
option:
•
To use the description from the event as the attribute value, select
On
.
•
To use the Attribute Value setting for the remediation as the attribute value, select
Off
.
Step 8
If you are not planning to use the event description, type the attribute value you want to set in the
Attribute
Value
field.
Step 9
Click
Save
, then click
Done
.
The remediation is created.
Working with Remediation Status Events
License:
FireSIGHT
When a remediation triggers, a remediation status event is generated. These events are logged to the
database and can be viewed on the Remediation Status page. You can search, view, and delete
remediation status events.
database and can be viewed on the Remediation Status page. You can search, view, and delete
remediation status events.
For more information, see:
•
•
Viewing Remediation Status Events
License:
FireSIGHT
The page you see when you access remediation status events differs depending on the workflow you use.
You can use the predefined workflow, which includes a table view of remediations. The table view
contains a row for each remediation status event. You can also create a custom workflow that displays
only the information that matches your specific needs. For information on creating a custom workflow,
see
You can use the predefined workflow, which includes a table view of remediations. The table view
contains a row for each remediation status event. You can also create a custom workflow that displays
only the information that matches your specific needs. For information on creating a custom workflow,
see
The following table describes some of the specific actions you can perform on a remediation status
events workflow page.
events workflow page.
Table 41-1
Options for Viewing Remediation Status Events
To...
You can...
.
modify the time and date range for
displayed events
displayed events
see
.
Note that events that were generated outside the appliance's configured time
window (whether global or event-specific) may appear in an event view if you
constrain the event view by time. This can occur even if you configured a sliding
time window for the appliance.
window (whether global or event-specific) may appear in an event view if you
constrain the event view by time. This can occur even if you configured a sliding
time window for the appliance.