The File tab is in the Event Details panel. Here you can safely view a list of files and download one or more files in an event.
Workflow
What do you want to do?
User Role | I want to ... | Show me how |
---|---|---|
Incident Responder or Threat Hunter | review detections and signals seen in my environment | NetWitness Platform Getting Started Guide |
Incident Responder | review critical incidents or alerts | NetWitness Respond User Guide |
Threat Hunter | query a service, metadata, and time range | Begin an Investigation in the Events View Begin an Investigation in the Navigate or Legacy Events View |
Threat Hunter | view metadata | |
Threat Hunter | view sequential events | |
Threat Hunter | reconstruct and analyze an event | |
Threat Hunter | examine files and associated hosts* | Download Data in the Events View |
Threat Hunter | perform lookups | |
Threat Hunter | create an incident or add to an incident | |
Threat Hunter | add a meta value to a Context Hub list |
*You can perform this task in the current view.
Related Topics
- How NetWitness Investigate Works
- Events View - Packet Tab
- Events View - Text Tab
- Events View - File Tab
- Events View - Email Tab
- Events View - Host Tab
Quick Look
The File panel displays a list of files associated with a network event. You can download files in this view.
Below is an example of the File panel.
Feature | Description |
---|---|
Download Files button | Click to download one or more selected files. |
Event Header | The Event Header displays summary information for the network event that contains the files. |
Files List | Scrollable list of associated files that you can select and download. |