Skip navigation
All Places > Products > RSA NetWitness Platform > RSA NetWitness Platform Online Documentation > Documents
Log in to create and rate content, and to follow, bookmark, and share content with other members.

Endpoint: Hosts View

Document created by RSA Information Design and Development Employee on Apr 11, 2019Last modified by RSA Information Design and Development Employee on Nov 11, 2020
Version 25Show Document
  • View in full screen mode

Note: The information in this topic applies to RSA NetWitness Platform Version 11.1 and later.

The Hosts view provides a list of all hosts with an Endpoint agent installed. To access this view, go to Hosts. By default, hosts are sorted based on the risk score.


Workflow for Hosts

What do you want to do?

User RoleI want to ...Show me how
Threat Hunterreview hosts with highest risk score*

Analyze Hosts Using the Risk Score

Threat Hunteranalyze hosts* Investigating Hosts
Threat Hunterperform adhoc scan*

Scan Hosts

Threat Hunterreview host details*

Analyze Host Details

Threat Huntersearch on snapshot*

Search Files on Host

Threat Hunteranalyze processes*

Investigating a Process

Threat Hunterreview reported anomalies*

Analyze Anomalies

Threat Hunteranalyze risky users* Analyzing Risky Users

Threat Hunter

analyze events*

Analyzing Events

Threat Hunterdownload files for deeper analysis*Analyzing Downloaded Files
Threat Hunterperform external lookups* Launch an External Lookup for a File
Threat Hunterchange file status or remediate* Changing File Status or Remediate

Threat Hunter

filter files*

Filter Host Details

Threat Hunterisolate host from network* Isolating Hosts from Network
Threat Hunterdownload MFT*, system dump*, or process dumpPerforming Host Forensics

*You can perform this task in the current view.

Related Topics

Quick Look

Below is an example of the Hosts view:

Hosts view

1Filter Hosts.You can filter the hosts by selecting the options in the Filters panel and create filters. For more information, see Filter Hosts.
2Actions in the toolbar:

Server drop-down list - You can select the Endpoint server or Endpoint Broker server to view the hosts.

Analyze Events - Lets you investigate a particular host, IP address, username, filename, or hash to get the entire context of the activity. For more information, see Analyzing Events.

Start Scan - Starts a scan for the selected hosts.

Stop Scan - Stops a scan for the selected hosts.

More Actions - Provides options to:

Note: You can perform the above actions from the right-click context menu.


Sort Columns. Lets you sort on column titles.


Export to CSV - Extracts host attributes to a CSV file. For more information, see Export Host Attributes.


Settings Menu. You can set Hosts view preferences by selecting columns from the Settings menu. For more information, see Set Hosts Preference.


Show/Hide Host Properties Panel. Click a row to show or hide the Host Properties panel. It displays the following tabs:

Host details - Displays the host information such as Network Interfaces, operating system, hardware and others.

Risk details - Displays the distinct alerts associated with the risk score.


View Agent History - Displays the list of commands issued to the agent. For more information, see View Agent History.

Previous Topic:Files View
You are here
Table of Contents > NetWitness Endpoint Reference Materials > Hosts View