Configure Firesight Management Center to Display the Hit-Counts per Access Rule

Available Languages

Download Options

  • PDF     (711.3 KB)
    View with Adobe Reader on a variety of devices
  • ePub     (838.3 KB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle)     (488.7 KB)
    View on Kindle device or Kindle app on multiple devices
Updated:July 27, 2017
Document ID:211515

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

    Introduction

    This document describes how to configure custom workflow/event viewer page to depict the connection hit-counts per access rule name. The configuration shows a basic example of rule name field associated with hit-counts and how to add additional fields if required.

    Prerequisites

    Requirements

    Cisco recommends that you have knowledge of these topics:

    • Knowledge of Firepower Technology
    • Knowledge of basic navigation within the Firesight Management Center

    Components Used

    The information in this document is based on these software and hardware versions:

    • Firepower Management Center version 6.1.X and above
    • Applicable to managed Threat Defense/Firepower Sensors

    The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

    Configure

    Configurations

    Step 1. Login to the Firesight Management Center with administrator privileges.

    Once the login is successful navigate to Analysis > Custom > Custom Workflows, as shown in the image:

    Step 2. Click on Create Custom Workflow and choose the parameters as shown in the image:

    Step 3. Select the table field as Connection Events and enter a Workflow name, then click on Save. Once the workflow is saved, click on Add Page as shown in the image:

    Note: The first column has to be Count and then in the additional Column you can choose among the available fields from the drop-down. In this case, the first column is a Count and the second column is Access Control Rule.


    Step 4. Once the workflow page is added, click on Save.

    In order to view the hit-counts, navigate to Analysis > Connections > Events and click on Switch Workflows, as shown in the image:



     Step 5. From the drop down, choose the Custom Workflow that you have created (in this case Hit-Counts), as shown in the image:

    Verify

    There is currently no verification procedure available for this configuration.

    Troubleshoot

    There is currently no specific troubleshooting information available for this configuration.

    TAC Authored

    Contributed by Cisco Engineers

    • Raghunath Kulkarni
      Prashant Joshi

    Was this Document Helpful?

    FeedbackFeedback

    Contact Cisco

    This Document Applies to These Products