Responses are different types of context information that are available for a data source. The configuration of these responses for each data source controls what appears in the Context Lookup panel displayed in Investigation views when Context Lookup is performed. The types of responses for AD data source are Users, Computers, and Groups.
Responses for each data source is already configured with default values for optimal performance. You can view or edit the default values by using the procedure in this topic.
- Context Hub is enabled and the service is available in ADMIN > Services view of NetWitness Suite.
- The NetWitness Endpoint data source is available and running.
Configure Responses and Meta Mapping for NetWitness Endpoint Data Sources
To view/edit responses and meta mapping for a data source:
- In the Data Sources tab, select the NetWitness Endpoint data source and click .
The Configure EndPoint Responses dialog is displayed.
- Select the response type (Alerts, or Incidents) to view and edit the settings.
Configure the following fields:
- Click Save to save the changes.
After completing the configuration, you can use the Context Lookup option in Investigate > Navigate view or Investigation > Events view to fetch contextual information. For instructions, see the View Additional Context for a Data Point topic in the Investigation and Malware Analysis Guide.