The Overview tab provides detailed scan results of the selected host. By default, the latest scan result is displayed. To access this view, go to INVESTIGATE > Hosts, and select a host from the Hosts view.
What do you want to do?
*You can perform this task in the current view.
Below is an example of the Overview tab:
Agent and Scan Details. You can view the following agent and scan details of the selected host:
Host name - Name of the host. For example, WIN-ABC.
Agent Scan Status - Current status of the scan - Idle, Scanning, Starting Scan, or Stopping Scan. For more information, see Investigate Hosts.
Agent Last Seen - Time when the agent last communicated with the server.
Last Scan Time - Last time the agent was scanned. The date and time is as per the time zone set in the User Preferences and is local to the server.
Agent Version - Version of the agent. For example, 188.8.131.52.
|2||Actions in the toolbar: |
Snapshot Time - Lists scanned time stamps. To view the scan history, select the snapshot time from the drop-down menu.
Start Scan - Starts scan for the selected hosts. For more information, see Investigate Hosts.
Export to CSV - Extracts host attributes to a CSV file. For more information, see Export Host Attributes.
Pivot to Endpoint - Lets you investigate the NetWitness Endpoint host (version 184.108.40.206 or later). For more information, see Investigate NetWitness Endpoint 220.127.116.11 or Later Hosts.
Export to JSON - Extracts host attributes and endpoint data to a JSON file of the selected snapshot.
|3||Search on Snapshots. Lets you search on all snapshots (file name, file path, and SHA-256 checksum). For more information, see Search on Snapshots.|
Summary of the selected host. Displays the following fields:
IP Addresses - IP addresses associated with the host. For example, 10.10.10.3.
Logged-in users - Users logged in to the host. For example, abc.
Security Configuration - Security configuration details on the host. For example, firewall disabled or enabled, smart screen filter disabled or enabled. This field is only applicable for Windows and Mac.
|5||Host Properties Panel. Displays all properties of the selected host. It is grouped as follows: |
Agent - Agent-related information, such as agent ID, driver error code, install time, and agent mode.
Operating System - Operating system version and build information.
Hardware - Information related to the architecture.
Network Interfaces - Network adapter information, such as Mac Address, Gateway.
User - Information related to the user.
Locale - Time zone and language that is local to the host.
Alerts - Alerts generated for the host.
Incidents - Incidents generated for the host.