AnsweredAssumed Answered

Netwitness Asset database

Question asked by Natan Grigoriev Employee on Oct 16, 2018
Latest reply on Oct 17, 2018 by Biju Vasudevan

Hi,

 

Is there an option in netwitness to add data on specific IPs/users that show up in the logs, and add them to some sort of database, that way we can have brief information on specific IP, and not needing to resort to external lists.

 

Example:

The FW reported communication from 10.1.0.154 to a known botnet IP.

If we have the information regarding 10.1.0.154 in the system we can immediately inform the person/department whos workstation it is, or if no data is present, after investigating, adding it for future reference.

Outcomes