In the Text Analysis panel (Event Analysis > Text Analysis), you can safely view and analyze the raw text payload of an event. The Text Analysis panel includes features that can show decompressed or compressed text, expand truncated entries, perform URL and Base64 encoding and decoding, and download network events, logs, and endpoint events. The Text Analysis panel is available for all types of events: network, log, and endpoint.
The Event Analysis view displays the text of a single event in the Text Analysis panel. When you click an event in the Event list panel, the adjacent panel shows the Text Analysis. Only the raw log for log events and endpoint events is shown in the Text Analysis panel. For network events, the direction of the packet (Request or Response) and contents of each packet are provided in text format. For more examples of the Text Analysis, see Analyzing Raw Events and Metadata in the Event Analysis View. For detailed procedures, see Examine Events in the Event Analysis View.
|1||Options for exporting a log, a PCAP, or files for deeper analysis and to share with others. This download menu is for network data.|
|2||The event header information.|
|3||Click to view the network payload in compressed or decompressed form.|
|4||The payload for a network event includes requests and responses. This is the request side of the packet.|
|5||This is the response side of the packet. Only 1% of the response is displayed because it has been truncated to allow viewing of more packets. When you scroll down, you can click an option to display the rest of the payload.|
|6||This message is displayed when the threshold of 2500 packets is reached, a measure to optimize performance. Additional packets will not be displayed. You may want to download the event to view all of the packets.|