Context Hub Data Sources Tab

In the Data Sources tab, you can configure one or more data sources for the Context Hub service. Navigate to (Admin) > Services > Select Context Hub service > View > Config > Data Sources tab.

Workflow

This workflow shows the procedure to configure data sources for the Context Hub service so that you can view contextual information in the Respond and Investigate views.

Workflow to explain the actions of the Context Hub Data Sources tab

  • The first task is to add a data source.
  • The second task is to configure data source settings to enhance your deployment. This task is optional because the settings for each data source are already configured with default values for optimal performance.
  • The third task is to view and analyze the contextual information in the Context Summary panel of the Respond or Investigate views.

What do you want to do?

| Role | I want to ... | Show me how |
|---|---|---|
| Administrator | Configure Data Sources for Context Hub* | Configure Lists as a Data Source; Configure Archer as Data Source; Configure Active Directory as a Data Source; Configure NetWitness Endpoint as a Data Source; Configure REST API as a Data Source; Configure File Reputation Server as a Data Source; Configure STIX as a Data Source |
| Administrator | Configure Hub Data Settings* | Configure Context Hub Data Source Settings |
| Analyst | View Contextual Information in Respond View | See the NetWitness Respond User Guide. |
| Analyst | Add, create and delete list from the Respond or Investigate View | See the NetWitness Respond User Guide. See the Investigate User Guide. |
| Analyst | Add or delete an entry from an existing list | See the NetWitness Respond User Guide. |

*You can complete this task here (that is, in the Context Hub Data Sources tab).

Quick Look

The following example illustrates how to add a data source for the Context Hub service.

netwitness_lp_ds_tab.png

1 Click the add icon (netwitness_add.png) to display the Add Data Source dialog.
2 Displays the type of Data Source.
3 Name that identifies the Data Source.
4 The IP address or hostname of the data source.
5 The connection port for the data source.
6 Opens the Configure Settings dialog. You can view and edit the settings to be displayed on the Context Summary panel in the Respond or Investigate views.
7 Click Test Connection to verify that the host is connected to the Context Hub service.

Toolbar

The following table describes the toolbar actions.

| Feature | Description |
|---|---|
| netwitness_add.png | Opens the Add Data Source dialog so that you can add a data source. You can add only one data source of each type, except for Lists and Active Directory data sources, which can be added multiple times. For detailed instructions to add a data source, see Configure Lists as a Data Source. |
| netwitness_delete.png | Deletes a data source. If you delete a data source, Context Hub no longer treats the deleted service as a data source, and all contextual information fetched previously will not be available. |
| netwitness_ic-edit.png | Opens the Edit Data Source dialog. |
| netwitness_ic-actns2.png | Opens the Configure Settings dialog. You can view and edit the settings for the data sources. For a description of each field in the Configure Responses dialog, see Configure Context Hub Data Source Settings. |

Data Source Configurations

The following table describes the listed configurations.

| Feature | Description |
|---|---|
| Enabled | Indicates whether the data source is enabled or disabled. A solid green circle indicates that the data source is enabled. A blank white circle indicates that the data source is disabled. |
| Type | The type of data source. For example, Lists, Archer, Active Directory, Endpoint, Respond, REST API or File Reputation server. |
| Name | The unique name to identify the data source. For example, Respond. |
| Address | The IP address or hostname of the data source. |
| Port | The connection port for the data source. The port varies based on the data source being added. For example, for Endpoint the port is 9443, for Lists the port is 80, and so on. |