Configure NetWitness Endpoint as a Data Source

You can configure NetWitness Endpoint as a data source for Context Hub and use the Context Hub server to fetch contextual information from NetWitness Endpoint. Use the procedures in this topic to add NetWitness Endpoint as a data source for the Context Hub service and, if required, configure the settings for NetWitness Endpoint.

Prerequisites

Before you configure the NetWitness Endpoint data source, ensure that:

  • The Context Hub service is available in the (Admin) > Services view of NetWitness.
  • NetWitness Endpoint (v4.1.1 to 4.3.0.5) is installed and configured.
    For installation, configuration, and other detailed information on NetWitness Endpoint, see the NetWitness Endpoint documents available at NetWitness Community.

 

To add NetWitness Endpoint as a data source for Context Hub:

  1. Go to (Admin) > Services.
    The Services view is displayed.
  2. Select the Context Hub service, and click the actions icon > View > Config.
    The Services Config view is displayed.
  3. In the Data Sources tab, click the add icon > RSA Endpoint.
    The Add Data Source dialog is displayed.
  4. Provide the following information:

    • By default, the Enable checkbox is selected. If this option is cleared, the Save button is disabled, you cannot add the data source, and you cannot view the contextual information.
    • Context Highlighting – This highlights the meta values (in the Investigate > Navigate, Events, Event details and Nodal graph views) for which contextual information is available for this data source in the Context Hub. By default, this option is enabled.

    Note: You can disable context highlighting globally in the Context Hub explorer view. After you disable this option, the entity values for all configured data sources are not highlighted, even if contextual information is available for them.

    • Enter the following fields:
      • Name: Enter a name for the NetWitness Endpoint data source.
      • Host: Enter the hostname or IP address where the NetWitness Endpoint API server is installed.
      • Port: The default port is 9443.
      • SSL: Select SSL if you want NetWitness to communicate with the host using SSL. This is enabled by default.
      • Username: Enter the NetWitness Endpoint API Server username.
      • Password: Enter the NetWitness Endpoint API Server password.
      • Trust All Certificates: Select this checkbox to add the data source without validating the certificate; in that case the identity of the API server is not verified. If you clear this option, you must upload a valid server-generated or CA certificate to authenticate the connection. Supported formats are .cer and .crt, either Base64 (PEM) encoded or DER encoded.
      • Max. Concurrent Queries: You can configure the maximum number of concurrent queries to be run against the configured data sources. The default value is 10.
  5. Click Test Connection to test the connection between Context Hub and the NetWitness Endpoint.
  6. Click Save.
    NetWitness Endpoint is added as a data source for Context Hub and is displayed in the Data Sources tab.
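The certificate requirement in step 4 can be checked before the dialog is filled in. The following Python sketch is an added example, not NetWitness code: it determines whether a .cer or .crt file is PEM or DER encoded and then connects to the API server on port 9443 trusting only that certificate. The function names and the hostname check are assumptions; the page does not describe how Context Hub itself validates the certificate.

```python
import socket
import ssl
from pathlib import Path

ALLOWED_SUFFIXES = {".cer", ".crt"}  # file types the dialog accepts, per the page


def _looks_like_der(blob: bytes) -> bool:
    # A DER certificate is an ASN.1 SEQUENCE: tag 0x30 followed by a long-form length.
    return len(blob) > 4 and blob[0] == 0x30 and blob[1] in (0x81, 0x82, 0x83)


def cert_encoding(data: bytes):
    """Return "DER", "PEM" or None for the raw bytes of a certificate file."""
    if _looks_like_der(data):
        return "DER"
    try:
        der = ssl.PEM_cert_to_DER_cert(data.decode("ascii").strip())
    except ValueError:  # not ASCII, missing BEGIN/END markers, or bad Base64
        return None
    return "PEM" if _looks_like_der(der) else None


def to_pem(data: bytes) -> str:
    """Normalize either supported encoding to PEM text."""
    encoding = cert_encoding(data)
    if encoding == "DER":
        return ssl.DER_cert_to_PEM_cert(data)
    if encoding == "PEM":
        return data.decode("ascii").strip() + "\n"
    raise ValueError("file is neither a PEM nor a DER encoded certificate")


def preflight(host: str, cert_path: str, port: int = 9443, timeout: float = 5.0):
    """Connect to the Endpoint API server trusting only the given certificate.

    Hypothetical helper: raises ssl.SSLCertVerificationError if the server's
    certificate does not chain to cert_path or does not match host.
    """
    path = Path(cert_path)
    if path.suffix.lower() not in ALLOWED_SUFFIXES:
        raise ValueError(f"{path.name}: expected a .cer or .crt file")
    # Passing cadata makes this file the only trust anchor (no system CA store).
    ctx = ssl.create_default_context(cadata=to_pem(path.read_bytes()))
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()  # subject, issuer, validity of the verified cert
```

If `preflight` succeeds with Trust All Certificates cleared in mind, the same file is a reasonable candidate for upload; a verification error here points to a wrong certificate or a host name that does not match it.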

 

Next steps

After adding the data source, you can configure the settings. For more information, see Configure Context Hub Data Source Settings.

You can also view the contextual data in the Context Summary Panel of the Respond view or Investigate view. For more information, see the NetWitness Respond User Guide and the NetWitness Investigate User Guide.