Investigate: Manage Column Groups Dialog

Document created by RSA Information Design and Development on Sep 18, 2017•Last modified by RSA Information Design and Development on Sep 11, 2018

Version 15Show Document

Like • Show 0 Likes0
Comment • 0
View in full screen mode

You can customize the way data is displayed by defining the meta to display in a column, the position of the column in the grid, and the default width of the column. In the Manage Column Groups dialog, you can add, delete, import, export, and edit column groups to display specific meta keys. At fresh installation, out-of-the-box (OOTB) column groups are available for use in the Manage Column Groups dialog. The OOTB column groups are prefixed with RSA for identification and can be duplicated but cannot be edited or deleted. You can also create custom column groups.

To access this dialog, go to INVESTIGATE > Events and in the View drop-down list select Manage Column Groups. The View option is named for the current value, for example, Detail View, List View, Log View, or the currently selected column group.

Workflow

What do you want to do?

User Role	I want to ...	Show me how
Threat Hunter	browse event metadata	Begin an Investigation in the Navigate or Events View
Threat Hunter	browse raw events	Begin an Investigation in the Navigate or Events View
Threat Hunter	analyze raw events and metadata	Begin an Investigation in the Event Analysis View
Threat Hunter	investigate endpoints (Version 11.1)	Investigate Hosts
Threat Hunter	find suspicious endpoint files (Version 11.1)	Investigate Files
Threat Hunter	scan files and events for malware	Conducting Malware Analysis
Incident Responder	triage an incident in Investigate	NetWitness Respond User Guide
Threat Hunter	configure column groups	Manage Column Groups in the Events View

*You can perform this task in the current view.

Quick Look

The Manage Column Groups dialog has two panels: Groups and Settings.

At the bottom of this dialog are four buttons: Close, Cancel, Save, and Save and Apply. The following table provides descriptions of these buttons.

Feature	Description
Close	Closes the dialog without saving.
Cancel	Cancels all unsaved changes.
Save	Saves all changes without closing the dialog.
Save and Apply	Saves and applies all changes immediately, closing the dialog.

Groups Panel

The left panel is the Groups panel. This is where you can add, delete, import, or export column groups. At the top of the panel is a toolbar which provides actions. Below the toolbar is a list of added column groups, where you can select one or more groups.

The following table lists the actions in the toolbar.

Action	Description
	Adds a column group. Clicking this button highlights the Settings panel on the right, where you can name the column group and add or delete meta keys. At least one meta key is required to add a group.
	Deletes a column group. A confirmation dialog is displayed before the selected group is deleted.
	Displays the Import Column Groups dialog, where you can select a file to upload.
	Exports one or more selected groups to your computer.

Settings Panel

The right panel is the Settings panel. This is where you can create and edit column groups. This panel contains the Name field, a toolbar, and a grid.

The following table describes the features of the Settings panel.

Feature	Description
Name	The name of the selected column group.
	Adds a new row to the list of meta keys, where you can open a drop-down menu to select a new meta key.
	Deletes one or more selected meta keys. Displays a confirmation dialog before deleting.
Reset	Returns column group to its most recently saved settings.
Meta Key	Lists the meta keys added to the selected column group.
Display Name	Lists the names of the meta keys as they will be displayed in the Events view.
Width	Specifies the width of each meta key's column. The width can be set between 10 and 1000. The default width is 100.