The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
After you configure your Firewall devices to send event data to your Secure Network Analytics appliance as part of Security Analytics and Logging (OnPrem), you can take the following steps:
Review the management center online help.
Review the Manager Web App online help to learn more about Secure Network Analytics.
If your devices are sending connection events to a Secure Network Analytics appliance using Security Analytics and Logging (OnPrem), you can view and work with these remotely stored events in the management center's event viewer and context explorer, and include them when generating reports. You can also cross-launch from an event in the management center to view related data on your Secure Network Analytics appliance.
By default, the system automatically selects the appropriate data source based on the time range you specify. If you want to override the data source, use this procedure.
 Important |
When you change the data source, your selection persists across all of the relevant analytics features that rely on the event data source, including reports, until you change it, even after you sign out. Your selection does not apply to other management center users. |
The selected data source is used for low-priority connection events only. All other event types (intrusion, file, and malware events; connection events associated with those events; and Security Intelligence events) are displayed regardless of data source.
You have used the wizard to send connection events to Security Analytics and Logging (OnPrem).
|
Step 1 |
In the management center web interface, navigate to a page that displays connection event data, such as Analysis > Connections > Events. |
||
|
Step 2 |
Click the data source displayed here and select an option: 
|
||
|
Step 3 |
(Optional) To view related data directly in your Secure Network Analytics appliance, right-click (in the unified event viewer, click) a value such as an IP address or domain and choose a cross-launch option. |
When viewing events in themanagement center, you can right-click certain event data (for example, an IP address) and view related data in Manager.
|
Step 1 |
Navigate to one of the following pages in the management center that shows events:
|
|
Step 2 |
Right-click the event field of interest and choose the Security Analytics and Logging (OnPrem) cross-launch resource. The Manager opens in a separate browser window. You may be prompted for a username and password if you are not already logged in. It may take some time for the query to be processsed, depending on the amount of data to be queried, speed of and demand on the Manager, and so on. |
|
Step 3 |
Sign into the Manager. |
Feedback