Investigate: Hosts View - System Information Tab

Document created by RSA Information Design and Development on Mar 2, 2018
Last modified by RSA Information Design and Development on Sep 11, 2018
Version 7

Note: The information in this topic applies to RSA NetWitness® Platform Version 11.1 and later.

The System Information tab lists the agent system information. To access this tab, select a host from the Hosts view and click the System Information tab.

Workflow

[Figure: High-level Investigate workflow with Investigate Endpoints and associated actions highlighted]

What do you want to do?

                                                     
| User Role | I want to... | Show me how |
|---|---|---|
| Threat Hunter | browse event metadata | Begin an Investigation in the Navigate or Events View |
| Threat Hunter | browse raw events | Begin an Investigation in the Navigate or Events View |
| Threat Hunter | analyze raw events and metadata | Begin an Investigation in the Event Analysis View |
| Threat Hunter | investigate endpoints (Version 11.1)* | Investigate Hosts |
| Threat Hunter | find suspicious endpoint files (Version 11.1) | Investigate Files |
| Threat Hunter | scan files and events for malware | Conducting Malware Analysis |
| Incident Responder | triage an incident in Investigate | NetWitness Respond User Guide |
| Threat Hunter | view the agent system information* | Analyze System Information |

*You can perform this task in the current view.

Quick Look

Below is an example of the System Information tab:

[Figure: System Information tab]

                                   
| Field | Description |
|---|---|
| Host File Entries | All network redirections written in the host file. For example, IP Address - 10.10.10.3 and DNS Name - localhost,localhost.localdomain,localhost4,localhost4.localdomain4 |
| Network Shares | Network name of the shared resource (for Windows only). For example, Name - Admin$, Description - Remote Admin, Path - C:\, Permissions - None, Type - disk, special, Max Users - 4294967295, Current Users - 0. |
| Security Products | Installed security products (for Windows only). For example, Display Name - Windows Defender, Instance - D68DDC3A-831F-4FAE-9E44-DA132C1ACF46, Features - Enabled, Type - antiVirus. |
| Windows Patches | List of patches applied by Windows update (for Windows only). For example, KB2959936. |
| Mounted Paths | Path mounted on. For example, Path - /, File System - rootfs, Remote Path - rootfs, Options - rw. |
| Bash History | User name and command run. For example, User Name - root and Command - ls. |

Note: For Mac hosts, the Mounted Paths and Bash History fields are empty.
