An analysts can create and save the hunting profile for the use cases they have found in the environment and they want to have quick access to the profile.
For example, if the organization was attacked and the attackers got in by brute forcing user accounts. To proactively monitor for future brute force attempts the analyst can create a filter that contains the brute force alert type and save the hunting profile as favorite. The analyst can then click that favorite whenever they log on to see if new users were subjected to this type of attack.
To save the threat hunting profile as favorites, perform the following:
- Log into NetWitness Platform and click Investigate > Users.
The Overview tab is displayed.
- Click Users.
- In the Favorites pane, select the alert type in the Alert Type drop-down and Indicators in the Indicators drop-down.
- Click Save to Favorites.
- In the Save Filter dialog, enter the name of the filter and click Ok.
The hunting profile is saved and displayed in the Favorites pane. An analyst can click on the profile in the Favorites to monitor the users.