Investigate: Event Analysis View - File Analysis Panel

Document created by RSA Information Design and Development on Sep 18, 2017. Last modified by RSA Information Design and Development on May 8, 2018.
Version 14

In the File Analysis panel (Event Analysis > File Analysis), you can safely view a list of files and download one or more files in an event.

Workflow

[Figure: the Investigate Workflow with Analyze Raw Events and Metadata highlighted]

What do you want to do?

                                                                              
| User Role | I want to ... | 11.1 Documentation |
|---|---|---|
| Threat Hunter | browse event metadata | Begin an Investigation in the Navigate or Events View |
| Threat Hunter | browse raw events | Begin an Investigation in the Navigate or Events View |
| Threat Hunter | analyze raw events and metadata | Begin an Investigation in the Event Analysis View |
| Threat Hunter | query events in the Event Analysis view (Version 11.1) | Filter Results in the Event Analysis View |
| Threat Hunter | export events and files in the Event Analysis view* | Download Data in the Event Analysis View |
| Threat Hunter | reconstruct events in Event Analysis view | Examine Events in the Event Analysis View |
| Threat Hunter | perform external lookups from the Event Analysis view (Version 11.1) | Act on Data in the Event Analysis View |
| Threat Hunter | query events in the Navigate view | Investigating Metadata in the Navigate View |
| Threat Hunter | query events in the Events view | Examining Raw Events in the Events View |
| Threat Hunter | investigate endpoints (Version 11.1) | Investigate Hosts |
| Threat Hunter | find suspicious endpoint files (Version 11.1) | Investigate Files |
| Threat Hunter | scan files and events for malware | Conducting Malware Analysis |
| Incident Responder | triage an incident in Investigate | NetWitness Respond User Guide |

*You can perform this task in the current view.

Quick Look

The File Analysis panel displays a list of files associated with a network event. You can download files in this view.

Below is an example of the File Analysis panel with labeled features.

Note: The Email and Web reconstruction types at the top of the figure are available in Version 11.1 and later.

[Figure: the File Analysis panel with labels]

                     
1. Click to download one or more selected files.
2. The Event Header displays summary information for the network event that contains the files.
3. Scrollable list of associated files that you can select and download.
4. Reminder that caution is necessary when downloading potentially malicious files.