Investigate: Events View - Host Tab

Document created by RSA Information Design and Development Employee on Sep 8, 2020. Last modified by RSA Product Team on Sep 10, 2020.
Version 3

The Host tab is in the Event Details panel. For the selected network event, it shows the endpoint data that enriches the event, such as the host and the process that triggered it, along with other details such as risk score, reputation, and logged-in user. The Host panel is available only for network events that have endpoint data.

Workflow

high-level workflow with Email panel tasks highlighted

What do you want to do?

| User Role | I want to ... | Show me how |
|---|---|---|
| Incident Responder or Threat Hunter | review detections and signals seen in my environment | NetWitness Platform Getting Started Guide |
| Incident Responder | review critical incidents or alerts | NetWitness Respond User Guide |
| Threat Hunter | query a service, metadata, and time range | Begin an Investigation in the Events View; Begin an Investigation in the Navigate or Legacy Events View |
| Threat Hunter | view metadata | Filter Results in the Navigate View; Drill into Metadata in the Events View (BETA) |
| Threat Hunter | view sequential events | Filter Results in the Events View; Filter Results in the Legacy Events View |
| Threat Hunter | reconstruct and analyze an event* | Examine Event Details in the Events View; Reconstruct an Event in the Legacy Events View |
| Threat Hunter | examine files and associated hosts | Download Data in the Events View; Export or Print a Drill Point in the Navigate View; Export Events in the Legacy Events View |
| Threat Hunter | perform lookups* | Look Up Additional Context for Results; Launch a Lookup of a Meta Key |
| Threat Hunter | create an incident or add to an incident | Add Events to an Incident in the Legacy Events View; Add Events to an Incident in the Events View |
| Threat Hunter | add a meta value to a Context Hub list | Look Up Additional Context for Results |

*You can perform this task in the current view.

Quick Look

Below is an example of the Host panel with labeled features.

1. The event header displays a summary of the network event enriched with endpoint data. It includes:

  • Host - The host from which the event originated.
  • Process - The source process that triggered the event.
  • User - The user associated with the triggered process.

2. You can view additional details about the host and process. For more information, see Host Information.

 
