Skip navigation
All Places > Products > RSA NetWitness Platform > RSA NetWitness Platform Online Documentation > Documents
Log in to create and rate content, and to follow, bookmark, and share content with other members.

Endpoint: Hosts View - System Information Tab

Document created by RSA Information Design and Development Employee on Apr 11, 2019Last modified by RSA Information Design and Development Employee on Nov 11, 2020
Version 14Show Document
  • View in full screen mode

Note: The information in this topic applies to RSA NetWitness Platform Version 11.1 and later.

The System Information tab lists the agent system information. To access this tab, select a host from the Hosts view and click the System Information tab.


Workflow for Hosts system information

What do you want to do?

User RoleI want to ...Show me how
Threat Hunterreview hosts with highest risk score

Analyze Hosts Using the Risk Score

Threat Hunteranalyze hosts* Investigating Hosts
Threat Hunterperform adhoc scan*

Scan Hosts

Threat Hunterreview host details

Analyze Host Details

Threat Huntersearch on snapshot*

Search Files on Host

Threat Hunteranalyze processes

Investigating a Process

Threat Hunterreview reported anomalies

Analyze Anomalies

Threat Hunteranalyze risky users Analyzing Risky Users

Threat Hunter

analyze events

Analyzing Events

Threat Hunterdownload files for deeper analysis Analyzing Downloaded Files
Threat Hunterperform external lookupsLaunch an External Lookup for a File
Threat Hunterchange file status or remediateChanging File Status or Remediate
Threat Hunterisolate host from network*Isolating Hosts from Network
Threat Hunterdownload MFT, system dump, or process dump*Performing Host Forensics

*You can perform this task in the current view.

Related Topics

Quick Look

Below is an example of the System Information tab:

System Information tab


Agent and Scan Details. You can view the following agent and scan details of the selected host:

Host name - Name of the host. For example, WIN-ABC.

Risk score - Risk score of the host.

Operating System - Operating system on which the agent is running (Linux, Windows, or Mac).

Agent Scan Status - Current status of the scan - Idle, Scanning, Starting Scan, or Stopping Scan. For more information, see Scan Hosts.

Agent Last Seen - Time when the agent last communicated with the Endpoint server.

Agent Version - Version of the agent. For example,

More - Provides options to:

Snapshot Time - Lists scanned time stamps. To view the scan history, you can select the snapshot time from the drop-down menu.

2Search on Snapshots. Lets you search on all snapshots (file name, file path, and SHA-256 checksum). For more information, see Search Files on Host.

System Information Panel - See System Information Panel.

System Information Panel

The System Information panel displays the following tabs:

Host File EntriesAll network redirections written in the host file. For example, IP Address - and DNS Name - localhost,localhost.localdomain,localhost4,localhost4.localdomain4
Network SharesNetwork name of the shared resource (for Windows only). For example, Name - Admin$, Description - Remote Admin, Path - C:\, Permissions - None, Type - disk, special, Max Users - 4294967295, Current Users - 0.
Security ProductsInstalled security products (for Windows only). For example, Display Name - Windows Defender, Instance - D68DDC3A-831F-4FAE-9E44-DA132C1ACF46, Features - Enabled, Type - antiVirus.
Windows PatchesList of patches applied by Windows update (for Windows only). For example, KB2959936.
Security ConfigurationSecurity configuration details on the host. For example, firewall disabled or enabled, smart screen filter disabled or enabled. This field is only applicable for Windows and Mac.

You are here
Table of Contents > NetWitness Endpoint Reference Materials > Hosts View - System Information