Investigate: Open the Events List

Document created by RSA Information Design and Development on Sep 18, 2017Last modified by RSA Information Design and Development on Oct 24, 2017
Version 8Show Document
  • View in full screen mode
 

Analysts can view a list of events associated with a session in the Investigation > Events view.

There are two ways to display the Events view:

  1. In the Investigate view, select the Events view. NetWitness Suite runs a default query on the last three hours for the default service (if one is set) or displays a dialog in which you can select a service and then runs the default query. The default query selects all events and the Events view displays events on the selected service, with the oldest events first. 
  2. In the Navigate view, click a meta value, which represents an event. The Events view displays the events based on the drill point in the Navigate view. The Events view provides three built-in presentations of event data: the Detail view, the List view, and the Log view.
    Events Detail view
    You can use queries, the time range setting, and profiles to filter the events listed in the Events view. From any view type in Events view, you can extract files, export events, export logs, and open the Event Reconstruction panel by double-clicking an event. See Examining Events for detailed information about these capabilities.
You are here
Table of Contents > Conducting an Investigation > Acting on a Drill Point in the Navigate View > Open the Events List

Attachments

    Outcomes