Investigate: Event Analysis View - File Analysis Panel

Document created by RSA Information Design and Development on Sep 18, 2017Last modified by RSA Information Design and Development on Apr 25, 2019
Version 17Show Document
  • Comment0
  • View in full screen mode
 

In the File Analysis panel (Event Analysis > File Analysis), you can safely view a list of files and download one or more files in an event.

Workflow

the workflow of an investigation with the task to examine files highlighted

What do you want to do?

                                                          
User RoleI want to ...Show me how
Incident Responder

review critical incidents or alerts

NetWitness Respond User Guide

Threat Hunterquery a service, metadata, and time range

Filter Results in the Event Analysis View

Filter Results in the Navigate View

Create a Custom Query

Filter and Search Results in the Events View

Threat Hunter

view metadata

Examine Events in the Event Analysis View

Investigating Metadata in the Navigate View

Threat Hunter

view raw event data

Examine Events in the Event Analysis View

Examine Events in the Event Analysis View

Examining Raw Events in the Events View

Threat Hunter

reconstruct the event

Examine Events in the Event Analysis View

Reconstruction Types in the Event Analysis View

Reconstruct an Event

Threat Hunterexamine files*

Download Data in the Event Analysis View

Reconstruct an Event

Threat Hunterperform lookups

Act on Data in the Event Analysis View

Look Up Additional Context in the Event Analysis View

Launch an External Lookup of a Meta Key

Look Up Additional Context for a Data Point

Threat Huntercreate an incident or add to an incident

Add Events to an Incident for Response

 

Threat Hunter

add a meta value to a Context Hub list

Look Up Additional Context in the Event Analysis View

Look Up Additional Context for a Data Point

Manage Context Hub Lists and List Values in the Navigate and Events Views

*You can perform this task in the current view.

Related Topics

Quick Look

The File Analysis panel displays a list of files associated with a network event. You can download files in this view.

Below is an example of the File Analysis panel with labeled features.

Note: The Email and Web reconstruction types at the top of the figure are available in Version 11.1 and later.

the File Analysis panel with labels

                     
1Click to download one or more selected files.
2The Event Header displays summary information for the network event that contains the files.
3Scrollable list of associated files that you can select and download.
4Reminder that caution is necessary when downloading potentially malicious files.

Previous Topic:Event Analysis View
You are here
Table of Contents > Investigate Reference Materials > Event Analysis View - File Analysis Panel

Attachments

    Outcomes

      Visibility: RSA NetWitness Platform Online Documentation197 Views
      Last modified on Apr 25, 2019 12:04 PM
      Tags:
      Ratings: