The NetWitness Suite modules that are listed in the NetWitness Suite menu (Administration, Investigation, Live, Alerts, Reports, more) are called views, and each view provides functions tailored for the module. In addition, there is a Profile view, accessible directly from the NetWitness Suite menu, which presents options for user preferences.
To display a view, select a module from the NetWitness Suite menu. For example, NetWitness Suite, Administration, Investigation, or Live. As you roll your cursor over the module, you can select a view from the options menu. From within the module, you can select an alternate view from the NetWitness Suite toolbar. For example, Administration has six views: Hosts, Services, Event Sources, Health & Wellness, System, and Security.
This example of the Administration Hosts view illustrates some of the features of a view.
Each view has different features. Any combination of these features is possible in a view:
- Panels: there are two different types of specialized panels, options panel and node tree
- Grids or tables
- Context menus
The general parts of a view are labeled in the figures below.
The following table provides descriptions of the features labeled above.
Breadcrumbs display the options selected to reach this view. Click on a crumb to go back to the view or menu. In some modules breadcrumbs have additional functions. For example, in Investigation a breadcrumb represents a sequence of queries used to reach the current drill point and you can edit the query directly from the breadcrumb.
Context menus offer options that pertain specifically to the current context. In certain views, hovering over an item and right-clicking the mouse displays the options that can apply to that item. Throughout the NetWitness Suite documentation, context menus are discussed in the pertinent modules and views.
A good example of a context menu is shown in the Navigation view. When you right-click a count for a meta value (the green number in the parentheses), the menu offers one option: to open the drill in a new tab.
When you right-click on the meta value (blue text), a different context menu is displayed. In this context, there are options to scan for malware, look up the value in Investigation and to display the same drill in a new tab, apply the reverse of this drill (!EQUALS) in the same tab, or apply the reverse of this drill in a new tab.