I have an ASA 5516-X with SFR 6.2.3.3 and am running the Firepower Management Center 6.2.3.3. The ASA is currently in monitor-only mode, inspecting all traffic on the inside interface.
I have a dashboard widget showing Traffic by Initiator IP, using the preset, and the data looks correct.
I have another widget that is identical except that it includes a search. That widget shows no data.
That same search, if I run it from Analysis, Connection Events, works properly and shows the data filtered as expected (but more specifically does show connections in that time frame). The data looks correct.
The filter contains only one item: Responder IP = ${StateNetworks}
StateNetworks is an object group containing about a dozen objects, each of which is a /24 subnet.
I also created a report, and in that may have found a clue. There's a separate Connection Summary Data vs Connection Events. In the report I have both available, and the search works fine on Connection Events, but not on Connection Summary Data, where it also returns no data. In the widget there is no option for Connection Events.
It looks like the data is all present in the summary table, but it doesn't seem able to apply the search to it (but it allows me to try).
Am I missing something?
Linwood