In the Lists tab, you can create and configure lists for Context Hub. Navigate to ADMIN > SERVICES > Select Context Hub service > View > Config > Lists tab.
The Lists tab of the Context Hub service allows you to create one or more lists and add relevant list values to the list. These lists are automatically considered as data sources for the Context Hub service.
These lists may be populated with items either by importing CSV files or by adding meta values by using the option Add/Remove from List in Investigation and Respond views.
This workflow shows the procedure to configure lists for Context Hub service and to view contextual information in the Respond and Investigate views.
Creating one or more list is the first task in this workflow. The lists can contain supported metas such as an IP address, User, Host, Domain, MAC address, File Name or File Hash. The next task is to analyze or use the list data to view contextual data in Respond and Investigate views.
What do you want to do?
*You can complete this task here (that is in the Context Hub Lists Tab).
- Context Hub Data Sources Tab
- "Troubleshooting NetWitness Investigate" in the NetWitness Investigate User Guide
The following example illustrates how to add lists for Context Hub service.
The List tab consists of the Lists panel and List Values panel. The Lists panel has a toolbar with options to add, delete, import, and export lists. The entries under List Name are lists that are added or imported for the Context Hub service.
By default, 10 empty single-column lists are available in RSA NetWitness Suite11.1. These lists are empty and you need to add information to these lists. The out of the box 10 list names are used in ESA rules, for more information on ESA rules, see the Alerting with ESA Correlation Rules User Guide. For users upgrading from previous versions, they will be able to view these new lists in addition to their previously created lists. The lists available by default are:
The lists are available in ESA rules tab in CONFIGURE > ESA Rules > Settings > Enrichment Sources. For more information on ESA rules, see the Alerting Using ESA Guide for Version 11.1.
The List Values panel has a toolbar with options to add, delete, and import list values to the selected list. The entries under Value identify each list entry included in the list.
The following table describes the toolbar actions.
List View Options
The following table describes the Lists configurations.
After completing the configuration, you can view the contextual data in the Context Summary Panel of the Respond view or Investigate view. For instructions, Navigate to Context Summary Panel and View Additional Context topic in the Investigation and Malware Analysis User Guide.