Events View - Host Tab

The Host tab is in the Event Details panel. Here you can view network events enriched with endpoint data such as host and process triggered for the selected network event and other details such as risk score, reputation, and logged in user. The host panel is available for network events with endpoint data only.

Workflow

netwitness_wkflow-emailrecon.png

What do you want to do?

User Role I want to ... Show me how

Incident Responder or Threat Hunter

review detections and signals seen in my environment

NetWitness Platform Getting Started Guide

Incident Responder

review critical incidents or alerts

NetWitness Respond User Guide

Threat Hunter query a service, metadata, and time range

Begin an Investigation in the Events View

Begin an Investigation in the Navigate or Legacy Events View

Threat Hunter

view metadata

Filter Results in the Navigate View

Drill into Metadata in the Events View

Threat Hunter

view sequential events

Filter Results in the Events View

Filter Results in the Legacy Events View

Threat Hunter

reconstruct and analyze an event*

Examine Event Details in the Events View

Reconstruct an Event in the Legacy Events View

Threat Hunter examine files and associated hosts

Download Data in the Events View

Export or Print a Drill Point in the Navigate View

Export Events in the Legacy Events View

Threat Hunter perform lookups*

Look Up Additional Context for Results

Launch a Lookup of a Meta Key

Threat Hunter create an incident or add to an incident

Add Events to an Incident in the Legacy Events View

Add Events to an Incident in the Events View

Threat Hunter

add a meta value to a Context Hub list

Look Up Additional Context for Results

*You can perform this task in the current view.

Related Topics

Quick LookQuick Look

Below is an example of the Host panel with labeled features.

122_Hostsview_1122.png

1

The event header displays the summary of network events enriched with endpoint data. It includes:

  • Host - The host from where the event originated.
  • Process - The source process which triggered the event.
  • User - The user associated with the triggered process.
2

You can view additional details about the host and process. For more information, see Host Information.