on Sep 18, 2017In the File panel (Events > File), you can safely view a list of files and download one or more files in an event.
Workflow
What do you want to do?
| User Role | I want to ... | Show me how |
|---|---|---|
| Incident Responder | review critical incidents or alerts | NetWitness Respond User Guide |
| Threat Hunter | query a service, metadata, and time range | Filter Results in the Events View Filter Results in the Navigate View |
| Threat Hunter | view metadata | |
| Threat Hunter | view raw event data | Filter Results in the Events View |
| Threat Hunter | reconstruct the event | Analyze Events in the Events View |
| Threat Hunter | examine files* | Download Data in the Events View |
| Threat Hunter | perform lookups | |
| Threat Hunter | create an incident or add to an incident | |
| Threat Hunter | add a meta value to a Context Hub list |
*You can perform this task in the current view.
Related Topics
Quick Look
The File panel displays a list of files associated with a network event. You can download files in this view.
Below is an example of the File panel with labeled features.
Note: The Email and Web reconstruction types at the top of the figure are available in Version 11.1 and later.
| 1 | Click to download one or more selected files. |
| 2 | The Event Header displays summary information for the network event that contains the files. |
| 3 | Scrollable list of associated files that you can select and download. |
| 4 | Reminder that caution is necessary when downloading potentially malicious files. |
