Investigate: Hosts View

Document created by RSA Information Design and Development on Mar 2, 2018. Last modified by RSA Information Design and Development on May 8, 2018.
Version 6
 

Note: The information in this topic applies to RSA NetWitness® Suite Version 11.1 and later.

In NetWitness Investigate, the Hosts view provides a list of all hosts with an Endpoint agent installed. The table displays a set of default columns for the host. You can customize this view by setting the Hosts preferences.

To access this view, go to INVESTIGATE > Hosts.

Workflow

The following figure shows the high-level Investigate workflow with Investigate Endpoints highlighted.

Figure: High-level Investigate workflow with Investigate Endpoints and associated actions highlighted

What do you want to do?

                                                     
| User Role | I want to ... | 11.1 Documentation |
|---|---|---|
| Threat Hunter | browse event metadata | Begin an Investigation in the Navigate or Events View |
| Threat Hunter | browse raw events | Begin an Investigation in the Navigate or Events View |
| Threat Hunter | analyze raw events and metadata | Begin an Investigation in the Event Analysis View |
| Threat Hunter | investigate endpoints (Version 11.1)* | Investigate Hosts |
| Threat Hunter | find suspicious endpoint files (Version 11.1) | Investigate Files |
| Threat Hunter | scan files and events for malware | Conducting Malware Analysis |
| Incident Responder | triage an incident in Investigate | NetWitness Respond User Guide |
| Threat Hunter | export host attributes and global files* | Investigate Hosts |

*You can perform this task in the current view.

Quick Look

In the Hosts view, you can export host attributes and global files, perform an on-demand scan, set host preferences, view a list of hosts, and investigate in the Navigate or Events view.

Below is an example of the Hosts view:

Figure: Hosts view

                         
1. Add Filter Drop-down Menu. You can filter the hosts by choosing an operating system (Windows, Linux, or Mac), by choosing a saved filter, or by selecting options in the Add Filters drop-down menu. For more information, see Filter Hosts.

2. Saved Filters. The Saved Filters panel lists the saved filters. For more information, see Filter Hosts.

3. Actions in the toolbar:
   Start Scan - Starts a scan for the selected hosts.
   Stop Scan - Stops a scan for the selected hosts.
   Export to CSV - Extracts host attributes to a CSV file. For more information, see Export Host Attributes.
   Pivot to Endpoint - Lets you investigate the NetWitness Endpoint host (version 4.4.0.2 or later). For more information, see Investigate NetWitness Endpoint 4.4.0.2 or Later Hosts.
   Delete - Lets you delete hosts manually from the user interface. After deletion, the Endpoint server does not process any request from this host.

   Note: Make sure that the agent is uninstalled from the host before deleting it from the user interface. For more information, see Delete a Host.

4. Settings Menu. You can set Hosts view preferences by selecting columns from the Settings menu. For more information, see Set Hosts Preference.

5. Pivot to Navigate and Event Analysis views. To investigate a particular host, IP address, or username, you can pivot to both the Navigate and Event Analysis views. For more information, see Pivot to the Navigate and Event Analysis Views.
