Investigate: Hosts View - Drivers Tab

Document created by RSA Information Design and Development on Mar 2, 2018
Last modified by RSA Information Design and Development on May 8, 2018
Version 6
 

Note: The information in this topic applies to RSA NetWitness® Suite Version 11.1 and later.

The Drivers tab lists the drivers that were running on a host at the time of the scan. To access this tab, select a host from the Hosts view and click the Drivers tab.

Workflow

[Figure: high-level Investigate workflow with Investigate Endpoints and associated actions highlighted]

What do you want to do?

                                                     
User Role | I want to ... | 11.1 Documentation
----------|---------------|-------------------
Threat Hunter | browse event metadata | Begin an Investigation in the Navigate or Events View
Threat Hunter | browse raw events | Begin an Investigation in the Navigate or Events View
Threat Hunter | analyze raw events and metadata | Begin an Investigation in the Event Analysis View
Threat Hunter | investigate endpoints (Version 11.1)* | Investigate Hosts
Threat Hunter | find suspicious endpoint files (Version 11.1) | Investigate Files
Threat Hunter | scan files and events for malware | Conducting Malware Analysis
Incident Responder | triage an incident in Investigate | NetWitness Respond User Guide
Threat Hunter | view the drivers running on the host* | Investigate Hosts

*You can perform this task in the current view.

Quick Look

Below is an example of the Drivers tab:

[Figure: Drivers tab]

                           
Field | Description
------|------------
Filename | Name of the file. For example, acpi.sys.
Signature | Indicates if the file is signed or unsigned, valid or invalid, and provides signatory information.
Path | Path of the file. For example, C:\Windows\System32\drivers.
File Creation Time | Time when the file was created.

Driver Properties Panel

This panel displays all properties of the selected file. The properties are grouped as follows:

                                   
Category | Description
---------|------------
General | General information about the file, such as file name, entropy, size, and format.
Signature | Provides signatory information.
Hash | Hash type of the file (MD5, SHA256, and SHA1).
Time | Time when the file was created, modified, or accessed.
Location | Location of the file.
Image | Loaded image.