Events View - Host Tab
The Host tab is in the Event Details panel. Here you can view network events enriched with endpoint data such as host and process triggered for the selected network event and other details such as risk score, reputation, and logged in user. The host panel is available for network events with endpoint data only.
Workflow
What do you want to do?
User Role | I want to ... | Show me how |
---|---|---|
Incident Responder or Threat Hunter |
review detections and signals seen in my environment |
NetWitness Platform Getting Started Guide |
Incident Responder |
review critical incidents or alerts |
NetWitness Respond User Guide |
Threat Hunter | query a service, metadata, and time range |
Begin an Investigation in the Events View Begin an Investigation in the Navigate or Legacy Events View |
Threat Hunter |
view metadata |
|
Threat Hunter |
view sequential events |
|
Threat Hunter |
reconstruct and analyze an event* |
|
Threat Hunter | examine files and associated hosts |
Download Data in the Events View |
Threat Hunter | perform lookups* | |
Threat Hunter | create an incident or add to an incident | |
Threat Hunter |
add a meta value to a Context Hub list |
*You can perform this task in the current view.
Related Topics
- How NetWitness Investigate Works
- Events View - Packet Tab
- Events View - Text Tab
- Events View - File Tab
- Events View - Email Tab
- Events View - Host Tab
Quick LookQuick Look
Below is an example of the Host panel with labeled features.
1 |
The event header displays the summary of network events enriched with endpoint data. It includes:
|
2 |
You can view additional details about the host and process. For more information, see Host Information. |