Live Search Content View

The Live Search Content view provides the ability to search the configured Live CMS for contents. Once matching contents are found, you can view the details, and download the contents.

This is an example of the Search Content view.

Search View grid

The Live Search Content view has a panel for specifying search content and displays the matching contents on the right panel.

Search Content Panel

This is an example of the Search Content panel.

Search Criteria panel

The following table provides descriptions of the Search Content panel features.

Feature Description
Keywords Enter a keyword or keywords to browse for contents that have the keyword in the resource name or the resource description. You can use wildcards when you enter a keyword.
Resource Types

Select resources types from the drop-down list to filter resources by type of resource. Possible values are:

  • Application Rule
  • Feed
  • Log Device
  • Correlation Rule
  • NetWitness Rule
  • NetWitness Report
  • Lua Parser
  • Log Collector
  • NetWitness List
  • Malware Rules
  • Event Stream Analysis Rule
  • Advanced Analytics (Warehouse)
  • Bundle
  • Health and Wellness Dashboards
  • Health and Wellness Monitors
  • Investigate Profile
  • Investigate Column Group
  • Investigate Meta Group

Tags

Select meta tags from the drop-down list to browse based on how the meta is tagged. For example, to browse contents for a Log Decoder, select the netwitness for logs tag.

Required Meta Keys Enter a specific meta key. For example, threat.source.

Generated Meta Values

Enter a generated meta value. For example, rsa-firstwatch.

Created Date Specify a date range during which contents were created. For example, to browse contents that were created between January 1 and January 4, you select January 1 as the start date and January 4 as the end date. You must enter dates in yyyy/mm/dd format or you click netwitness_dateformat1_14x13.png and pick dates from a calendar.

Modified Date

Specify a date range during which contents were modified. For example, to browse contents that were modified between January 1 and January 4, you select January 1 as the start date and January 4 as the end date. You must enter dates in yyyy/mm/dd format or you click netwitness_dateformat1_14x13.png and pick dates from a calendar.

Search Click Search to send the search request to the Live server. More specific search criteria return matching contents more quickly.

Reset Filter

Click Reset Filter to reset the existing search results and displays all the content on the right panel.

Include Discontinued

Check Include Discontinued to include the discontinued contents in the search result. For an up-to-date list of contents that have been discontinued, see the Discontinued Content topic.

Search Results Panel

The Search Results panel displays search results based on the selections made in the Search Content panel.

This is an example of the Search Results panel.

netwitness_livedetailresultsoncloud1_1576x548.png

The following table describes the elements in the search results panel.

Feature Description
Name

The name of the content. For example, Log Parser Pack.

Created The date when the content was created. For example, 04-Aug-2017 15:19:06.

Updated

The date when the content was last updated. For example, 29-Sep-2020 20:27:14.

Type The type of the content. For example, Bundle.

Description

The description of the content. For example, Contains all parser files and log collection files.

Discontinued

The status of the discontinued content:

  • Yes: The content that matches the search criteria is discontinued
  • No: The content is not discontinued

Content Details Panel

In the Search Results panel, you can select any content titles to view the details in the pop-up window and download the contents.

This is an example of the Content Details panel.

netwitness_detailresultspanel1_377x404.png

The following table describes the elements in the Content Details section.

Feature Description
Name

The name of the content. For example, Log Parser Pack.

Type The type of the content. For example, Bundle.
Created The date when the content was created. For example, 04-Aug-2017 15:19:06.

Updated

The date when the content was last updated. For example, 29-Sep-2020 20:27:14.

Description

The description of the content. For example, Contains all parser files and log collection files.

Version on Production The version of the content. For example, 0.5.

Size

The size of the content. For example, 14.96 KB.

Required Resources A list of resources on which this resource depends. For example, NetWitness Lua Library. Clicking a resource replaces the currently displayed details with the details of the one you clicked in the pop-up window.

Tags

The tags that apply to the content. For example, threat. Clicking a tag opens the Live Search Content view with the search narrowed to match contents with that tag.

Required Meta Keys The meta keys that apply to the content. For example, Threat Category. Clicking a meta key opens the Live Search Content view with the search narrowed to match contents with that meta key.

Generated Meta Values

The meta values that the content generates. For example, rsa-firstwatch. Clicking a meta value opens the Live Search Content view with the search narrowed to match contents with that meta value.

Discontinued

The status of the discontinued content:

  • Yes: The content that matches the search criteria is discontinued
  • No: The content is not discontinued