Investigate: Add/Remove from List Dialog

Document created by RSA Information Design and Development on Sep 18, 2017Last modified by RSA Information Design and Development on May 8, 2018
Version 14Show Document
  • View in full screen mode
 

When working in Investigate, you may find an IP address or user name that you want to watch in the Navigate view or the Events view. In the Add/Remove from List dialog, you can add meta values for the Source IP, Destination IP, or Username meta keys to an existing context hub list or you can create a new list containing the meta values. When you add meta values to a list, you can look up additional context on those meta values.

To display the dialog. right-click a meta value under Source IP, Destination IP, or Username) and select Add/Remove from List in the context menu.

Workflow

The following workflow diagram shows the high-level workflow for Investigate with the location of the Add to List task highlighted.

high-level Investigate workflow with the location of the Add to List tas highlighted

What do you want to do?

                                                     
User RoleI want to ...11.1 Documentation
Threat Hunter

browse event metadata

Begin an Investigation in the Navigate or Events View

Threat Hunter

browse raw events

Begin an Investigation in the Navigate or Events View

Threat Hunter

analyze raw events and metadata

Begin an Investigation in the Event Analysis View

Threat Hunterinvestigate endpoints (Version 11.1)Investigate Hosts

Threat Hunter

find suspicious endpoint files (Version 11.1)

Investigate Files

Threat Hunterscan files and events for malwareConducting Malware Analysis

Incident Responder

triage an incident in Investigate

NetWitness Respond User Guide

Threat Huntercreate or add meta values to a Context Hub List*Manage Context Hub Lists and List Values in Investigate

Related Topics

Quick Look

The following figure is an example of the dialog when initially opened.
This is the Add/Remove from List dialog.

The following figure shows the dialog when you select Create New List.

This is how the dialog appears after clicking "Create new list"

The following table describes the features of Add/Remove from List and Create New List dialogs.

                                                
FeatureDescription
Meta ValueThe selected meta value to be added to the existing or new list.
ListThe list to which the selected meta value must be added. A drop-down menu provides a list of available lists to which you can add the meta value.
Create New ListOpens a new dialog in which you can create a new list for the selected meta value.
List NameThe name of the new list.
DescriptionThe description of the new list.
CreateCreate a new list after entering the required fields.
BackIn the new list mode, cancels the new list creation and returns to the original dialog.
CancelCancels the addition of the meta value to a list and closes the dialog.
SaveSaves the changes made to the lists and closes the dialog.
You are here
Table of Contents > Investigate Reference Materials > Add/Remove from List Dialog

Attachments

    Outcomes