on Sep 18, 2017The File tab is in the Event Details panel. Here you can safely view a list of files and download one or more files in an event.
Workflow
What do you want to do?
| User Role | I want to ... | Show me how |
|---|---|---|
| Incident Responder or Threat Hunter | review detections and signals seen in my environment | NetWitness Platform Getting Started Guide |
| Incident Responder | review critical incidents or alerts | NetWitness Respond User Guide |
| Threat Hunter | query a service, metadata, and time range | Begin an Investigation in the Events View Begin an Investigation in the Navigate or Legacy Events View |
| Threat Hunter | view metadata | |
| Threat Hunter | view sequential events | |
| Threat Hunter | reconstruct and analyze an event | |
| Threat Hunter | examine files and associated hosts* | Download Data in the Events View |
| Threat Hunter | perform lookups | |
| Threat Hunter | create an incident or add to an incident | |
| Threat Hunter | add a meta value to a Context Hub list |
*You can perform this task in the current view.
Related Topics
- How NetWitness Investigate Works
- Events View - Packet Tab
- Events View - Text Tab
- Events View - File Tab
- Events View - Email Tab
- Events View - Host Tab
Quick Look
The File panel displays a list of files associated with a network event. You can download files in this view.
Below is an example of the File panel.
| Feature | Description |
|---|---|
| Download Files button | Click to download one or more selected files. |
| Event Header | The Event Header displays summary information for the network event that contains the files. |
| Files List | Scrollable list of associated files that you can select and download. |
