Hosts View - System Information Tab
Note: The information in this topic applies to NetWitness Version 11.1 and later.
The System Information tab lists the agent system information. To access this tab, select a host from the Hosts view and click the System Information tab.
Workflow
What do you want to do?
User Role | I want to ... | Show me how |
---|---|---|
Threat Hunter | review hosts with highest risk score | |
Threat Hunter | analyze hosts* | Investigating Hosts |
Threat Hunter | perform adhoc scan* | |
Threat Hunter | review host details | |
Threat Hunter | search on snapshot* | |
Threat Hunter | analyze processes | |
Threat Hunter | review reported anomalies | |
Threat Hunter | analyze risky users | Analyzing Risky Users |
Threat Hunter | analyze events | |
Threat Hunter | download files for deeper analysis | Analyzing Downloaded Files |
Threat Hunter | perform external lookups | Launch an External Lookup for a File |
Threat Hunter | change file status or remediate | Changing File Status or Remediate |
Threat Hunter | isolate host from network* | Isolating Hosts from Network |
Threat Hunter | download MFT, system dump, or process dump* | Performing Host Forensics |
*You can perform this task in the current view.
Quick Look
Below is an example of the System Information tab:
1 | Agent and Scan Details. You can view the following agent and scan details of the selected host: Host name - Name of the host (for example, WIN-ABC); Risk score - Risk score of the host; Operating System - Operating system on which the agent is running (Linux, Windows, or Mac); Agent Scan Status - Current status of the scan: Idle, Scanning, Starting Scan, or Stopping Scan (for more information, see Scan Hosts); Agent Last Seen - Time when the agent last communicated with the Endpoint server; Agent Version - Version of the agent (for example, 11.3.0.0); More - Provides options to:
Snapshot Time - Lists scanned time stamps. To view the scan history, you can select the snapshot time from the drop-down menu. |
2 | Search on Snapshots. Lets you search on all snapshots (file name, file path, and SHA-256 checksum). For more information, see Search Files on Host. |
3 | System Information Panel - See System Information Panel. |
System Information Panel
The System Information panel displays the following tabs:
Tabs | Description |
---|---|
Host File Entries | All network redirections written in the hosts file. For example, IP Address - 10.10.10.3 and DNS Name - localhost,localhost.localdomain,localhost4,localhost4.localdomain4 |
Network Shares | Network name of the shared resource (for Windows only). For example, Name - Admin$, Description - Remote Admin, Path - C:\, Permissions - None, Type - disk, special, Max Users - 4294967295, Current Users - 0. |
Security Products | Installed security products (for Windows only). For example, Display Name - Windows Defender, Instance - D68DDC3A-831F-4FAE-9E44-DA132C1ACF46, Features - Enabled, Type - antiVirus. |
Windows Patches | List of patches applied by Windows update (for Windows only). For example, KB2959936. |
Security Configuration | Security configuration details on the host. For example, firewall disabled or enabled, smart screen filter disabled or enabled. This field is only applicable for Windows and Mac. |
Installed Applications | Displays the information about the various applications installed on a Windows machine. |