The Host tab is in the Event Details panel. Here you can view network events enriched with endpoint data such as host and process triggered for the selected network event and other details such as risk score, reputation, and logged in user. The host panel is available for network events with endpoint data only.
What do you want to do?
|User Role||I want to ...||Show me how|
Incident Responder or Threat Hunter
review detections and signals seen in my environment
NetWitness Platform Getting Started Guide
review critical incidents or alerts
NetWitness Respond User Guide
|Threat Hunter||query a service, metadata, and time range|
view sequential events
reconstruct and analyze an event*
|Threat Hunter||examine files and associated hosts|
|Threat Hunter||perform lookups*|
|Threat Hunter||create an incident or add to an incident|
add a meta value to a Context Hub list
*You can perform this task in the current view.
- How NetWitness Investigate Works
- Events View - Packet Tab
- Events View - Text Tab
- Events View - File Tab
- Events View - Email Tab
Below is an example of the Host panel with labeled features.
The event header displays the summary of network events enriched with endpoint data. It includes:
You can view additional details about the host and process. For more information, see Host Information.