Solved: Re: FMC Unified Events filtering

Jacob Gibb · ‎12-28-2023

Hello,

I am looking to understand where the filters ($(10.x.x.x) are created when filtering in the FMC unified events viewer similar to below. Some networks are there and some are not. In particular, I would like to filter on a subnet in general to view traffic from anyone in that subnet. Thanks.

Marvin Rhoads · ‎12-29-2023

Just type in the address and subnet mask in CIDR format (a.b.c.d/xy - for example 192.168.1.0/24). The variable objects preceded by $ are created in the event that you have a network object already in existence for the subnet. They are not required to filter though.

View solution in original post

Eric R. Jones · ‎12-28-2023

So I watched the video on this, I need to go back and review it again;however, I do not remember the ability to filter or search for a particular IP address or anything else in this view. I felt that this, a failry ok replacement to the ASDM live view of traffic, wasn't what I want. Can you actually search for/filter for a particular IP or range of IP's?

MHM Cisco World · ‎12-28-2023

https://www.cisco.com/c/en/us/support/docs/security/secure-firewall-management-center/221068-monitor-events-using-unified-event-viewe.html

MHM

Eric R. Jones · ‎01-02-2024

thanks for the link. This actually helped me more than the video on the part I was curious about.

Marvin Rhoads · ‎12-29-2023

Just type in the address and subnet mask in CIDR format (a.b.c.d/xy - for example 192.168.1.0/24). The variable objects preceded by $ are created in the event that you have a network object already in existence for the subnet. They are not required to filter though.

Jacob Gibb · ‎01-02-2024

Thanks, Marvin. That did it!