Context Hub: List Tab

Document created by RSA Information Design and Development on Sep 15, 2017Last modified by RSA Information Design and Development on Oct 4, 2017
Version 5Show Document
  • View in full screen mode
  

In the Lists tab, you can create and configure lists for Context Hub. Navigate to ADMIN > SERVICES > Select Context Hub service > View > Config > Lists tab.

The Lists tab of the Context Hub service allows you to create one or more lists and add relevant list values to the list. These lists are automatically considered as data sources for the Context Hub service.

These lists may be populated with items either by importing CSV files or by adding meta values by using the option Add/Remove from List in Investigation and Respond views.

Note: You can also create lists and add list values from Respond and Investigation views. For more information, see the RSA NetWitness Respond User Guide and the RSA Netwitness Investigation and Malware Analysis Guide.

Workflow

This workflow shows the procedure to configure lists for Context Hub service and to view contextual information in the Respond and Investigate views.

Workflow to explain the actions of the Context Hub Lists tab

Creating one or more list is the first task in this workflow. The lists can contain supported metas such as an IP address, User, Host, Domain, MAC address, File Name or File Hash. The next task is to analyze or use the list data to view contextual data in Respond and Investigate views.

What do you want to do?

                                                     
Role I want to ...Show me how
AdministratorConfigure List Data Source for Context Hub*Configure Lists as a Data Source
Administrator/ AnalystView Contextual Information in Respond View

See the NetWitness Respond User Guide.

Administrator/ Analyst

"Manage Lists and List Values in Investigation

See the Investigation and Malware Analysis User Guide.

Administrator/ Analyst

Create a list

See the NetWitness Respond User Guide and Investigation and Malware Analysis User Guide

Administrator/ AnalystUpdate a listSee the NetWitness Respond User Guide and Investigation and Malware Analysis User Guide

Administrator/ Analyst

Delete list

See the NetWitness Respond User Guide and Investigation and Malware Analysis User Guide

Administrator/ AnalystImport a listImport or Export Lists for Context Hub

Administrator/ Analyst

Export list

Import or Export Lists for Context Hub

*You can complete this task here (that is in the Context Hub Lists Tab).

Related Topics

Quick Look

The following example illustrates how to add lists for Context Hub service.

The List tab consists of the Lists panel and List Values panel. The Lists panel has a toolbar with options to add, delete, import, and export lists. The entries under List Name are lists that are added or imported for the Context Hub service. 
The List Values panel has a toolbar with options to add, delete, and import list values to the selected list. The entries under Value identify each list entry included in the list.

Screenshot describing the List tab features.

                                     
1Click to add a new list.
2Name that identifies the list.
3Description of the list.
4Click to import list(s) to Context Hub.
5Click to export a list to the local machine.
6Click to import list values to selected list.
7Displays the custom list(s) that are added to Context Hub.
8Displays the list values that are added to the selected list.

Toolbar

The following table describes the toolbar actions.

                           
FeatureDescription

Add a new list.

For more information, see Configure Lists as a Data Source.

Delete a list.

If you delete a list from Context Hub, the list is no longer considered as a data source for retrieving contextual information.

Import lists to Context Hub.

For more information, see Import or Export Lists for Context Hub.

Export a list to the local machine.

For more information, see Import or Export Lists for Context Hub.

List View Options

The following table describes the Lists configurations.

                       
FeatureDescription
List NameUnique name to identify the list.
DescriptionDescription of the list.
SaveSaves the changes made to the list.

Next steps 

After completing the configuration, you can view the contextual data in the Context Summary Panel of the Respond view or Investigate view. For instructions, Navigate to Context Summary Panel and View Additional Context topic in the Investigation and Malware Analysis User Guide.

Next Topic:Troubleshooting
You are here
Table of Contents > Context Hub References > Context Hub Lists Tab

Attachments

    Outcomes