Investigate: Event Analysis View - File Analysis Panel

Document created by RSA Information Design and Development on Sep 18, 2017. Last modified by RSA Information Design and Development on Oct 24, 2017.
Version 8

In the File Analysis panel (Event Analysis > File Analysis), you can safely view a list of files and download one or more files in an event that you found in the Navigate view or the Events view.

Workflow

the Investigate workflow with Conduct Interactive Analysis highlighted

What do you want to do?

                                                
| User Role | I want to ... | Documentation |
|---|---|---|
| Threat Hunter | submit query | Beginning an Investigation of a Service or Collection |
| Threat Hunter | view query results | Conducting an Investigation |
| Threat Hunter | reconstruct an event | Reconstruct an Event |
| Threat Hunter | analyze an event* | Analyze Events in the Event Analysis View |
| Threat Hunter | export files from an event* | Analyze Events in the Event Analysis View |
| Threat Hunter | conduct malware analysis | Conducting Malware Analysis |
| Incident Responder | investigate an incident | NetWitness Respond User Guide |

*You can perform this task in the current view.


Quick Look

The File Analysis panel displays a list of files associated with a network event. You can download files in this view.

Below is an example of the File Analysis panel.

Example of the File Analysis with labels

                     
1. Click to download one or more selected files.
2. The Event Header displays summary information for the network event that contains the files.
3. Scrollable list of associated files that you can select and download.
4. Reminder that caution is necessary when downloading potentially malicious files.