Skip navigation
All Places > Products > RSA NetWitness Platform > RSA NetWitness Platform Online Documentation > Documents
Log in to create and rate content, and to follow, bookmark, and share content with other members.

Endpoint: Hosts View - Libraries Tab

Document created by RSA Information Design and Development Employee on Apr 11, 2019Last modified by RSA Information Design and Development Employee on Nov 11, 2020
Version 25Show Document
  • View in full screen mode

Note: The information in this topic applies to RSA NetWitness Platform Version 11.1 and later.

The Libraries tab lists the libraries loaded at the time of scan. To access this tab, select a host from the Hosts view and click the Libraries tab.


Workflow for Hosts

What do you want to do?

User RoleI want to ...Show me how
Threat Hunterreview hosts with highest risk score*

Analyze Hosts Using the Risk Score

Threat Hunteranalyze hosts* Investigating Hosts
Threat Hunterperform adhoc scan*

Scan Hosts

Threat Hunterreview host details

Analyze Host Details

Threat Huntersearch on snapshot*

Search Files on Host

Threat Hunteranalyze processes

Investigating a Process

Threat Hunterreview reported anomalies

Analyze Anomalies

Threat Hunteranalyze risky users Analyzing Risky Users

Threat Hunter

analyze events*

Analyzing Events

Threat Hunterdownload files for deeper analysis*Analyzing Downloaded Files
Threat Hunterperform external lookups* Launch an External Lookup for a File
Threat Hunterchange file status or remediate* Changing File Status or Remediate

Threat Hunter

filter files*

Filter Host Details

Threat Hunterisolate host from network*Isolating Hosts from Network
Threat Hunterdownload MFT, system dump, or process dump*Performing Host Forensics

*You can perform this task in the current view.

Related Topics

Quick Look

Below is an example of the Libraries tab:

Libraries tab


Agent and Scan Details. You can view the following agent and scan details of the selected host:

Host name - Name of the host. For example, WIN-ABC.

Risk score - Risk score of the host.

Operating System - Operating system on which the agent is running (Linux, Windows, or Mac).

Agent Scan Status - Current status of the scan - Idle, Scanning, Starting Scan, or Stopping Scan. For more information, see Scan Hosts.

Agent Last Seen - Time when the agent last communicated with the Endpoint server.

Agent Version - Version of the agent. For example,

More - Provides options to:

Snapshot Time - Lists scanned time stamps. To view the scan history, you can select the snapshot time from the drop-down menu.


Actions in the toolbar:

Change File Status - Provides capabilities to manage suspect and legitimate files and block malicious or infected file to prevent future execution of the file on any host. For more information, see Changing File Status or Remediate.

Analyze Events - Lets you investigate a particular host, IP address, username, filename, or hash to get the entire context of the activity. For more information, see Analyzing Events.

More Actions - Provides options to:

  • Perform external lookups.
  • Download process dump to server.
  • Download files to server, save a local copy, and analyze files for deeper analysis.

Note: You can perform some of the above actions from the right-click context menu.

3Search on Snapshots. Lets you search on all snapshots (file name, file path, and SHA-256 checksum). For more information, see Search Files on Host.

Details Panel - Displays information, such as process context, filename, local risk score, global risk score, on hosts, reputation status, file status, and others.

5Show/Hide Right Panel - Displays the following properties in the right panel:
  • File Details - Displays all properties of the selected process. It is grouped as follows:

    General - General information about the file, such as file name, entropy, size, and format.

    Signature - Provides signatory information.

    Hash - Hash type of the file (MD5, SHA1, and SHA256).

    Time - Time when the file was created, modified, or accessed.

    Location - Location of the file.

    Process - Details of the process, such as image size and PID.

  • Local Risk Details - Displays the alerts associated with the local risk score, such as Critical, High, Medium and All.
  • Hosts - Displays the top 100 hosts based on the risk score on which the file is present.
6Clicking a filename lets you navigate to the Files view for further analysis.
7Filter Files. You can filter files by selecting the options in the Filters panel and create filters. For more information, see Filter Host Details.
8Settings Menu. You can set Hosts view preferences by selecting columns from the Settings menu. For more information, see Set Hosts Preference.

You are here
Table of Contents > NetWitness Endpoint Reference Materials > Hosts View - Libraries Tab