This guide was designed to assist in hunting with NetWitness Endpoint (ECAT). It contains some of the more important information from the Hunting Guide, condensed into an easy reference. The second page is split into two parts: RED for a strong indication of malware, and YELLOW for a good indication. The Cheat Sheet should be printed front to back and laminated.
******* UPDATE v1.1 *********
Removed references to $FN and $SI dates, since they are no longer available in the UI.