To access this tab, go to ADMIN > Event Sources in NetWitness. The Discovery tab is displayed.
The Discovery tab lets you review the event source types that NetWitness has discovered for each address, along with the system’s confidence that each type was identified accurately. If the discovered event source types are correct, you can acknowledge them to filter out that event source. If they are incorrect, you can set the allowed event source types for a particular address so that future logs are parsed against the correct parsers.
This workflow shows the overall process for configuring event sources.
The following example displays a list of addresses and the Event Source types that have been discovered for each address.
This is an example of the tab.
| Callout | Description |
|---|---|
| 1 | Displays the Event Source panel with the Discovery tab open. |
| 2 | View Details button to view details of the selected Event Source. |
| 3 | Displays the address of the selected Event Source. |
| 4 | Displays the discovery score of the selected Event Source. |
| 5 | Displays whether or not the selected Event Source has been acknowledged. |
| 6 | Displays whether or not the selected Event Source has been mapped to a corresponding Event Source type. |
| 7 | Displays the host names of the Log Collectors where the Event Sources are located. |
| 8 | Displays the host names of the Log Decoders where the Event Sources are located. |
| 9 | Displays the discovered Event Source Types and their associated discovery scores. |
| 10 | Displays the Show Acknowledged and Show Mapped filter with options to acknowledge and map selected event sources. |
Toolbar and Features
The Discovery tab contains the following features:
The following table describes the sorting order for discovery scores. To access the Sorting Order drop-down menu, click on the down arrow in the Event Sources column.