View EVE Events
After enabling the Encrypted Visibility Engine and deploying your access control policy, you can start sending live traffic through your system. You can view the logged connection events on the Connection Events page. To access the connection events, in the management center:
Procedure
Step 1 | Click . |
Step 2 | Click the Table View of Connection Events tab. You can also view the connection event fields in the Unified Events viewer, which is under the Analysis menu. Encrypted Visibility Engine can identify the client process that initiated a connection, the OS on the client, and if the process contains malware or not. |
-
Encrypted Visibility Process Name
-
Encrypted Visibility Process Confidence Score
-
Encrypted Visibility Threat Confidence
-
Encrypted Visibility Threat Confidence Score
-
Detection Type
For information about these fields, see the section Connection and Security Intelligence Event Fields in the Connection and Security-Related Connection Events chapter of the Cisco Secure Firewall Management Center Administration Guide.
Note | On the Connection Events page, if processes are assigned applications, the Detection Type column displays Encrypted Visibility Engine indicating that the client application was identified by EVE. Without application assignments to process names, the Detection Type column displays AppID indicating that the engine that identified the client application was AppID. |