The Investigate view ( INVESTIGATE ) is the primary entry point to NetWitness Investigate. The Investigate view has five submenus, which open different views that allow you to analyze events from different perspectives. The submenus are: Navigate, Events, Event Analysis, Hosts, Files, and Malware Analysis.
You can use the submenu options to move between the different views.
- The Navigate view, Events view, and Event Analysis view offer linkages to each other to look at the current results from a different perspective, which provides some continuity for the investigation as you move between views.
- The Hosts view and Files view integrate NetWitness Endpoint into Investigate, and provide a view of all hosts with a NetWitness Endpoint agent installed and a view of unique executable files found in the deployed environment.
- The Malware Analysis view provides the ability to scan files found in one of the other views or collected by continuous scanning of network traffic.
The workflow below depicts the high-level tasks when investigating events.
What do you want to do?
*You can perform this task in the current view.
- How NetWitness Investigate Works
- Beginning an Investigation
- Configuring NetWitness Investigate Views and Preferences
- Navigate View
- Events View
- Event Analysis View
- Hosts View
- Files View
- Malware Analysis View
The Investigate view consists of five views, each representing a different approach to analyzing data. By default, Investigate opens to the Navigate view. You can change the default view to one of the other views. See How NetWitness Investigate Works for an introduction to the uses for each view. The following figure illustrates the submenus under INVESTIGATE.