After logging in to NetWitness Suite, you can make navigating the application easier by setting up your default view based on your Security Operations (SOC) role. You set your default view, also known as a landing page, in your user preferences.
The following figure shows the main NetWitness Suite views.
- Respond: This view is for Incident Responders, who can view a list of incidents to triage and alerts. For legacy 10.6 users, this view was known as the Incident Management view and the Respond > Alerts view replaces the ESA 10.6 Alerts > Summary view .
Respond is the default opening view. If you do not have permission to see the Respond view, you will have Monitor as your default view.
- Investigate: This view is for Threat Hunters, who investigate and hunt for advanced threats.
- Monitor: This view is for all users and it is the classic view for previous application versions. You can view dashboards and reports on different areas of interest depending on your user permissions. You have the option to select a preconfigured dashboard, import a dashboard, or create your own custom dashboard.
- Configure: This view is for Threat Intel (content) personnel, who configure data sources and inputs to NetWitness Suite. Threat Intel personnel use this area to download and manage Live content. They can also create and manage incident and ESA rules.
For legacy 10.6 users, this view was Live, Incidents > Configure, and Alerts > Configure.
- Admin: This view is for System Administrators, who set up and maintain the overall application.
You can select any of the main NetWitness Suite views as your default view. In addition to the main views, NetWitness Suite has predefined dashboards that you can select in the Monitor view depending on the tasks you perform:
Operations - Logs Dashboard
- Operations - Network Dashboard
- Overview Dashboard
Threat - Indicators Dashboard
- Threat - Intrusion Dashboard
The following table shows typical SOC roles and the available views you can select as your landing page in your user preferences based on your SOC role. If you have more than one role, select the view that is most appropriate for you to start with when you log in to NetWitness Suite.
Setting Your Default View
- In the Default Landing Page field, select the default view that you would like to see when you log in to NetWitness Suite. Use the above table to make your selection based on your SOC role. For example, if you are an Incident Responder, you can select Respond and if you are a Threat Hunter, you can select Investigate.
Your preferences become effective immediately. You can change your default landing page at any time. For information on other preferences, see Setting User Preferences.
- To verify that you can see the correct default view, click Sign Out to log out and then log back in to NetWitness Suite.
Basic Troubleshooting Tips for User Setup
The following table provides basic troubleshooting tips that may be helpful for user setup in NetWitness Suite.