View EVE Events
After enabling the Encrypted Visibility Engine and deploying your access control policy, you can start sending live traffic through your system. You can view the logged connection events in the Connection Events page. To access the connection events, in the management center:
Procedure
Step 1 | Click . | ||
Step 2 | Click the Table View of Connection Events tab. You can also view the connection event fields in the Unified Events viewer, which is under the Analysis menu. Encrypted Visibility Engine can identify the client process that initiated a connection, the OS on the client, and if the process contains malware or not. | ||
Step 3 | In the Connection Events page, view the following columns that are added for Encrypted Visibility Engine. Note that you must explicitly enable the mentioned columns.
For information about these fields, see the section Connection and Security Intelligence Event Fields in the Connection and Security-Related Connection Events chapter of the Cisco Secure Firewall Management Center Administration Guide.
|