In NetWitness Investigate, the Hosts view provides a list of all hosts with an Endpoint agent installed. The table displays a set of default columns for the host. You can customize this view by setting the Hosts preferences.
To access this view, go to INVESTIGATE > Hosts.
The following figure shows the high-level Investigate workflow with Investigate Endpoints highlighted.
What do you want to do?
*You can perform this task in the current view.
- How NetWitness Investigate Works
- Investigating Hosts and Files
- Hosts View - Overview Tab
- Hosts View - Process Tab
- Hosts View - Autoruns Tab
- Hosts View - Files Tab
- Hosts View - Drivers Tab
- Hosts View - Libraries Tab
- Hosts View - System Information Tab
In the Hosts view, you can export host attributes and global files, perform an on-demand scan, set host preferences, view a list of hosts, and investigate in the Navigate or Events view.
Below is an example of the Hosts view:
|1||Add Filter Drop-down Menu. You can filter the hosts by choosing an operating system (Windows, Linux, or Mac), saved filters, or by selecting the options in the Add Filters drop-down menu. For more information, see Filter Hosts.|
|2||Saved Filters. The Saved Filters panel lists the saved filters. For more information, see Filter Hosts.|
|3||Actions in the toolbar: |
Start Scan - Starts a scan for the selected hosts.
Stop Scan - Stops a scan for the selected hosts.
Export to CSV - Extracts host attributes to a CSV file. For more information, Export Host Attributes.
Pivot to Endpoint - Lets you investigate the NetWitness Endpoint host (version 18.104.22.168 or later). For more information, see Investigate NetWitness Endpoint 22.214.171.124 or Later Hosts.
Delete - Lets you delete hosts manually from the user interface. After deletion, the Endpoint server does not process any request from this host.
|4||Settings Menu. You can set Hosts view preferences by selecting columns from the Settings menu. For more information, see Set Hosts Preference.|
Pivot to Navigate and Event Analysis views. To investigate a particular host, IP address, or username, you can pivot to both Navigate and Event Analysis views. For more information, see Pivot to the Navigate and Event Analysis Views.