Investigate: Event Analysis View - Text Analysis Panel

Document created by RSA Information Design and Development on Sep 18, 2017. Last modified by RSA Information Design and Development on Sep 11, 2018.
Version 15
 

In the Text Analysis panel (Event Analysis > Text Analysis), you can safely view and analyze the raw text payload of an event. The Text Analysis panel includes features that can show decompressed or compressed text, expand truncated entries, perform URL and Base64 encoding and decoding, and download network events, logs, and endpoint events. The Text Analysis panel is available for all types of events: network, log, and endpoint.

Workflow

[Figure: the Investigate workflow with Analyze Raw Events and Metadata highlighted]

What do you want to do?

                                                                              
| User Role | I want to ... | Show me how |
|---|---|---|
| Threat Hunter | browse event metadata | Begin an Investigation in the Navigate or Events View |
| Threat Hunter | browse raw events | Begin an Investigation in the Navigate or Events View |
| Threat Hunter | analyze raw events and metadata | Begin an Investigation in the Event Analysis View |
| Threat Hunter | query events in the Event Analysis view (Version 11.1) | Filter Results in the Event Analysis View |
| Threat Hunter | export events and files in the Event Analysis view* | Download Data in the Event Analysis View |
| Threat Hunter | reconstruct events in Event Analysis view* | Examine Events in the Event Analysis View |
| Threat Hunter | perform external lookups from the Event Analysis view (Version 11.1)* | Act on Data in the Event Analysis View |
| Threat Hunter | query events in the Navigate view | Investigating Metadata in the Navigate View |
| Threat Hunter | query events in the Events view | Examining Raw Events in the Events View |
| Threat Hunter | investigate endpoints (Version 11.1) | Investigate Hosts |
| Threat Hunter | find suspicious endpoint files (Version 11.1) | Investigate Files |
| Threat Hunter | scan files and events for malware | Conducting Malware Analysis |
| Incident Responder | triage an incident in Investigate | NetWitness Respond User Guide |

*You can perform this task in the current view.

Quick Look

The Event Analysis view displays the text of a single event in the Text Analysis panel. When you click an event in the Event list panel, the adjacent panel shows the Text Analysis. Only the raw log for log events and endpoint events is shown in the Text Analysis panel. For network events, the direction of the packet (Request or Response) and contents of each packet are provided in text format. For more examples of the Text Analysis, see Analyzing Raw Events and Metadata in the Event Analysis View. For detailed procedures, see Examine Events in the Event Analysis View.

[Figure: Text Analysis with important features labeled]

                         
1. Options for exporting a log, a PCAP, or files for deeper analysis and to share with others. This download menu is for network data.
2. The event header information.
3. The payload for a network event includes requests and responses. This is the request side of the packet.
4. This is the response side of the packet.
5. (Version 11.2 and later) Event pagination controls allow more flexibility in paging through a list of events. When a control is unavailable, the image is dimmed; for example, when you are viewing page 1, the controls to go to page 1 and to go to the previous page are dimmed.
   • First page button: Go to the first page
   • Previous page button: Go to the previous page
   • Next page button: Go to the next page
   • Last page button: Go to last page (Only available after last page has already been navigated to)
