Events View - File Tab
The File tab is in the Event Details panel. Here you can safely view a list of files and download one or more files in an event.
Workflow
What do you want to do?
| User Role | I want to ... | Show me how |
|---|---|---|
|
Incident Responder or Threat Hunter |
review detections and signals seen in my environment |
NetWitness Platform Getting Started Guide |
| Incident Responder |
review critical incidents or alerts |
NetWitness Respond User Guide |
| Threat Hunter | query a service, metadata, and time range |
Begin an Investigation in the Events View Begin an Investigation in the Navigate or Legacy Events View |
| Threat Hunter |
view metadata |
|
| Threat Hunter |
view sequential events |
|
|
Threat Hunter |
reconstruct and analyze an event |
|
| Threat Hunter | examine files and associated hosts* |
Download Data in the Events View |
| Threat Hunter | perform lookups | |
| Threat Hunter | create an incident or add to an incident | |
|
Threat Hunter |
add a meta value to a Context Hub list |
*You can perform this task in the current view.
Related Topics
- How NetWitness Investigate Works
- Events View - Packet Tab
- Events View - Text Tab
- Events View - File Tab
- Events View - Email Tab
- Events View - Host Tab
Quick Look
The File panel displays a list of files associated with a network event. You can download files in this view.
Below is an example of the File panel.
| Feature | Description |
|---|---|
| Download Files button | Click to download one or more selected files. |
| Event Header | The Event Header displays summary information for the network event that contains the files. |
| Files List | Scrollable list of associated files that you can select and download. |
| VirusTotal Lookup | Click to perform a search on MD5, SHA1, or SHA256. |
