Skip navigation
All Places > Products > RSA NetWitness Platform > RSA NetWitness Platform Online Documentation > Documents
Log in to create and rate content, and to follow, bookmark, and share content with other members.

Investigate: Events View - File Panel

Document created by RSA Information Design and Development on Sep 18, 2017Last modified by RSA Information Design and Development on Jan 30, 2020
Version 22Show Document
  • Comment0
  • View in full screen mode
 

In the File panel (Events > File), you can safely view a list of files and download one or more files in an event.

Workflow

This workflow has references to several views that were renamed in Version 11.4: Event Analysis --> Events, Events --> Legacy Events.

the workflow of an investigation with the task to examine files highlighted

What do you want to do?

                                                          
User RoleI want to ...Show me how
Incident Responder

review critical incidents or alerts

NetWitness Respond User Guide

Threat Hunterquery a service, metadata, and time range

Filter Results in the Events View

Filter Results in the Navigate View

Create a Query in the Navigate and Legacy Events Views

Filter Results in the Legacy Events View

Threat Hunter

view metadata

Analyze Events in the Events View

Refining the Results Set

Threat Hunter

view raw event data

Filter Results in the Events View

Analyze Events in the Events View

Filter Results in the Legacy Events View

Threat Hunter

reconstruct the event

Analyze Events in the Events View

Reconstruct an Event in the Events View

Reconstruct an Event in the Legacy Events View

Threat Hunterexamine files*

Download Data in the Events View

Export or Print a Drill Point in the Navigate View

Export Events in the Legacy Events View

Threat Hunterperform lookups

Look Up Additional Context for Results

Launch a Lookup of a Meta Key

Threat Huntercreate an incident or add to an incident

Add Events to an Incident in the Legacy Events View

Add Events to an Incident in the Events View

Threat Hunter

add a meta value to a Context Hub list

Look Up Additional Context for Results

*You can perform this task in the current view.

Related Topics

Quick Look

The File panel displays a list of files associated with a network event. You can download files in this view.

Below is an example of the File panel with labeled features.

Note: The Email and Web reconstruction types at the top of the figure are available in Version 11.1 and later.

the File Analysis panel with labels

                     
1Click to download one or more selected files.
2The Event Header displays summary information for the network event that contains the files.
3Scrollable list of associated files that you can select and download.
4Reminder that caution is necessary when downloading potentially malicious files.

Previous Topic:Events View
You are here
Table of Contents > Investigate Reference Materials > Events View - File Panel

Attachments

    Outcomes

      Visibility: RSA NetWitness Platform Online Documentation278 Views
      Last modified on Jan 30, 2020 4:33 PM
      Tags:
      Ratings:

        Recommended Content

        Incoming Links